Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1504655
MD5: 72ed55d2571582a907985c027302a559
SHA1: c2b160d36eb714c0642689a9721e0276213307a4
SHA256: 60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779
Tags: exe
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 5920 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 72ED55D2571582A907985C027302A559)
    • msedge.exe (PID: 6604 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6172 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,4098111406942502324,5433324402779486086,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 6336 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5064 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 4888 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8240 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2268 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7523133-59e6-4e12-8aeb-fe358abdd661} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b8d06dd10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9272 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -parentBuildID 20230927232528 -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {271e73ac-af90-45d8-8de7-fa5692018d1d} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b9f27b510 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 10228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5092 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 5104 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ef58d2-d38f-453c-bc2d-b69d4213eb44} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23ba4d8a110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7244 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7652 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2784 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7100 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9016 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7244 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9492 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7680 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9500 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7640 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3168 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7132 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5580 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5828 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Virustotal: Detection: 29%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: webauthn.pdb source: firefox.exe, 00000006.00000003.1479753361.0000023BA7A01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.6.dr
Source: Binary string: kbdus.pdb source: firefox.exe, 00000006.00000003.1478706127.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1478874173.0000023B9CCD6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000006.00000003.1482699318.0000023B9CC8B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000006.00000003.1482699318.0000023B9CC8B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 00000006.00000003.1480876602.0000023B9CC7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.6.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000006.00000003.1479753361.0000023BA7A01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000006.00000003.1480876602.0000023B9CC7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kbdus.pdbGCTL source: firefox.exe, 00000006.00000003.1478706127.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1478874173.0000023B9CCD6000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_009EDBBE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009BC2A2 FindFirstFileExW,0_2_009BC2A2
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009F68EE FindFirstFileW,FindClose,0_2_009F68EE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_009F698F
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_009ED076
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_009ED3A9
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_009F9642
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_009F979D
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_009F9B2B
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_009F5C97
Source: firefox.exe, Memory has grown: Private usage: 0MB later: 267MB
Source: Joe Sandbox View, IP Address: 23.200.0.42
Source: Joe Sandbox View, IP Address: 13.107.246.40
Source: Joe Sandbox View, IP Address: 152.195.19.97
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_009FCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_009FCE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-713313087&timestamp=1725519305782 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726124103&P2=404&P3=2&P4=aMTfH5A2h6bte8x2Cw%2fzs5fQpYWkqqoLds62R%2fhtVYeH5UcD8X7BXqU7Xzy%2fra9vCC%2b3D83qwUmd8DfpZG4QLg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 8+xTpkvc1qHWufkx596lTpSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cN51tuumaDKo4SR&MD=KaWhx23b HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cN51tuumaDKo4SR&MD=KaWhx23b HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000006.00000003.1472458016.0000023B9E027000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.1472458016.0000023B9E027000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1461930253.0000023B9E0EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472298946.0000023B9E0EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1395575046.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1395575046.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000017.00000002.2525600756.000001F563F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000017.00000002.2525600756.000001F563F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000017.00000002.2525600756.000001F563F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.facebook.com (Facebook)
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.twitter.com (Twitter)
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.1524437042.0000023B9F9A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472458016.0000023B9E027000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1461930253.0000023B9E0EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.1462975775.0000023BA76F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1537231162.0000023BA76F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.1524437042.0000023B9F9A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1574875526.0000023B9F9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.1468506630.0000023B9E8D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1461515897.0000023B9E9E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1524754955.0000023B9E9E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: b15b9da8-b0bb-4695-8787-35fb51ba4fd7.tmp.9.dr. String found in binary or memory: "http_server_properties" JSON (dump omitted)
Source: global traffic. DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic. DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic. DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic. DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic. DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic. DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic. DNS traffic detected: DNS query: example.org
Source: global traffic. DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic. DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic. DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic. DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic. DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic. DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic. DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic. DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic. DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic. DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic. DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic. DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic. DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic. DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic. DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic. DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic. DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: unknown. HTTP traffic detected:
  POST /dns-query HTTP/1.1
  Host: chrome.cloudflare-dns.com
  Connection: keep-alive
  Content-Length: 128
  Accept: application/dns-message
  Accept-Language: *
  User-Agent: Chrome
  Accept-Encoding: identity
  Content-Type: application/dns-message
Source: firefox.exe, 00000006.00000003.1526560361.0000023BA4D87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 00000006.00000003.1478057983.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/Di
Source: firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1478057983.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000006.00000003.1477824227.0000023B9CCE3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000006.00000003.1461515897.0000023B9E9FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1555602595.0000023B9E848000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1525134384.0000023B9E848000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472458016.0000023B9E027000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1460415186.0000023BA4DB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000006.00000003.1574730400.0000023BA7223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1471550386.0000023B9E5FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1463283141.0000023BA74A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1460415186.0000023BA4DB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000006.00000003.1472458016.0000023B9E027000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1471550386.0000023B9E5FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000006.00000003.1472458016.0000023B9E027000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1471550386.0000023B9E5FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000006.00000003.1468375222.0000023B9ED97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000006.00000003.1468375222.0000023B9ED97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000006.00000003.1414895555.0000023BA709A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000006.00000003.1420832700.0000023B9E4DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
Source: Web Data.8.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.8.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.8.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428041830.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429531090.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1299037276.0000023B9A733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428639246.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1507253296.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1419530884.0000023B9A723000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427083417.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1431416117.0000023B9A738000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: 000003.log10.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log10.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log9.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 000003.log10.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 000003.log.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
Source: firefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428041830.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429531090.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1299037276.0000023B9A733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428639246.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1507253296.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1419530884.0000023B9A723000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427083417.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1431416117.0000023B9A738000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000006.00000003.1468375222.0000023B9ED97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000006.00000003.1465255874.0000023BA6BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1460031032.0000023BA6BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2525600756.000001F563F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0D13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000006.00000003.1373009127.0000023BA75BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1372248432.0000023BA75D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000006.00000003.1372626057.0000023BA75D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1373009127.0000023BA75BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1372352047.0000023BA75EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1373308589.0000023BA75E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1372626057.0000023BA75E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1372248432.0000023BA75D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000006.00000003.1372248432.0000023BA75D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000006.00000003.1473761064.0000023B9DCD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000006.00000003.1463573404.0000023BA744C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000006.00000003.1526665715.0000023B9F4F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: b15b9da8-b0bb-4695-8787-35fb51ba4fd7.tmp.9.drString found in binary or memory: https://fonts.gstatic.com
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000006.00000003.1465255874.0000023BA6BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1460031032.0000023BA6BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2525600756.000001F563F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0D13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000017.00000002.2525600756.000001F563F2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0D30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000006.00000003.1464870635.0000023BA6EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0DC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356474510.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA710A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA710A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000006.00000003.1291779922.0000023B9C94A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1290422281.0000023B9C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293555802.0000023B9C975000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1290134607.0000023B9B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1291003364.0000023B9C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293287605.0000023B9C963000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000006.00000003.1460594003.0000023B9F3C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000006.00000003.1429255025.0000023B9E285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429255025.0000023B9E2A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1464315929.0000023BA7230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1456296938.0000023B9C93E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1455039649.0000023B9CA4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1451349512.0000023B9E2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000006.00000003.1458667261.0000023BA72DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1463770070.0000023BA72DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.6.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000006.00000003.1465143330.0000023BA6E7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2525600756.000001F563FEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000006.00000003.1467841023.0000023B9F3C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1461057675.0000023B9F389000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1467909828.0000023B9F389000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1460594003.0000023B9F3C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/12672553-cb8c-4210-
Source: firefox.exe, 00000006.00000003.1472679138.0000023B9DEFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/681fc5df-21a0-4849-b0ae-fd0c
Source: firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submitz
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000006.00000003.1463283141.0000023BA74A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000006.00000003.1473761064.0000023B9DCBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000006.00000003.1473761064.0000023B9DCBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1456296938.0000023B9C93E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1451349512.0000023B9E2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428041830.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429531090.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1299037276.0000023B9A733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428639246.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1507253296.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1419530884.0000023B9A723000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427083417.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1431416117.0000023B9A738000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428041830.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429531090.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1299037276.0000023B9A733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428639246.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1507253296.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1419530884.0000023B9A723000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427083417.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1431416117.0000023B9A738000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428041830.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429531090.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1299037276.0000023B9A733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428639246.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1507253296.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1419530884.0000023B9A723000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427083417.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1431416117.0000023B9A738000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000006.00000003.1511437582.0000023B9CFE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 00000006.00000003.1511437582.0000023B9CFE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 00000006.00000003.1511437582.0000023B9CFE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0D8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000006.00000003.1402069974.0000023B9E490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1395575046.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1395575046.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000006.00000003.1477656378.0000023B9CCDC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1477656378.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1395575046.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1395575046.0000023BA74E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: content_new.js.8.dr, content.js.8.drString found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000006.00000003.1458667261.0000023BA728E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000006.00000003.1365116674.0000023BA71C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000006.00000003.1291779922.0000023B9C94A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1290422281.0000023B9C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293555802.0000023B9C975000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1290134607.0000023B9B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1291003364.0000023B9C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293809738.0000023B9C987000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293287605.0000023B9C963000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: Web Data.8.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000006.00000003.1416653220.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1291779922.0000023B9C94A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1387490705.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1398450113.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1422554054.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1290422281.0000023B9C91A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293555802.0000023B9C975000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1381618712.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1439316575.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1290134607.0000023B9B600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472679138.0000023B9DEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1392712351.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1291003364.0000023B9C932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1395985210.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1389099151.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293809738.0000023B9C987000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1399452118.0000023B9E3EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1293287605.0000023B9C963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472458016.0000023B9E049000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000006.00000003.1471550386.0000023B9E517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: b15b9da8-b0bb-4695-8787-35fb51ba4fd7.tmp.9.drString found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000006.00000003.1421323114.0000023B9E491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1406476919.0000023B9E490000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1402069974.0000023B9E490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000006.00000003.1421323114.0000023B9E491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1406476919.0000023B9E490000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1402069974.0000023B9E490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 0000000D.00000002.2529412193.000002370E8CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2525600756.000001F563FEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2533450363.00000230A1003000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000006.00000003.1472679138.0000023B9DEFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 00000006.00000003.1459978175.0000023BA6EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472839181.0000023B9DED3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1524114569.0000023BA6EC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1466803504.0000023B9F4E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1523339551.0000023BA769A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000006.00000003.1472839181.0000023B9DE97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: firefox.exe, 00000006.00000003.1372626057.0000023BA75D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1373009127.0000023BA75BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1372352047.0000023BA75EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1373308589.0000023BA75E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1372626057.0000023BA75E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1372248432.0000023BA75D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000006.00000003.1524437042.0000023B9F937000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1574875526.0000023B9F93E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000006.00000003.1472839181.0000023B9DE97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: firefox.exe, 00000006.00000003.1472839181.0000023B9DED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: targeting.snapshot.json.tmp.6.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000006.00000003.1522607732.0000023BA7926000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472839181.0000023B9DE97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 00000006.00000003.1472839181.0000023B9DED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000006.00000003.1472839181.0000023B9DE97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000006.00000003.1524437042.0000023B9F9A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1574875526.0000023B9F9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000D.00000002.2529412193.000002370E8CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2525600756.000001F563FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000006.00000003.1522607732.0000023BA7926000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1472839181.0000023B9DE97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1464315929.0000023BA7230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1523623464.0000023BA723C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1424254955.0000023B9DDF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1416415141.0000023B9DDEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000006.00000003.1424254955.0000023B9DDF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1416415141.0000023B9DDEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
Source: firefox.exe, 00000006.00000003.1472458016.0000023B9E050000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
Source: firefox.exe, 00000006.00000003.1472458016.0000023B9E050000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1455039649.0000023B9CA48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000020.00000002.2527659064.00000230A0D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000006.00000003.1464315929.0000023BA7230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1523623464.0000023BA723C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000006.00000003.1468375222.0000023B9ED97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009FEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_009FEAFF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009FED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_009FED6A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009EAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_009EAA57
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A19576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00A19576

System Summary

Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1225410506.0000000000A42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_9b92b024-1
Source: file.exe, 00000000.00000000.1225410506.0000000000A42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_baefd3ea-9
Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_0a177fa4-a
Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_0ba39a93-2
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 23_2_000001F56448B837 NtQuerySystemInformation,23_2_000001F56448B837
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 23_2_000001F5644A98F2 NtQuerySystemInformation,23_2_000001F5644A98F2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ED5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_009ED5EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_009E1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009EE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_009EE8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 009A0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 0099F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00989CB3 appears 31 times
Source: file.exe, 00000000.00000003.1231354830.00000000016E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs file.exe
Source: file.exe, 00000000.00000002.1232780525.00000000016E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs file.exe
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal64.evad.winEXE@74/282@58/27
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F37B5 GetLastError,FormatMessageW,0_2_009F37B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009E10BF AdjustTokenPrivileges,CloseHandle,0_2_009E10BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009E16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_009E16C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_009F51CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ED4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_009ED4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_009F648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_009842A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D955C0-19CC.pmaJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user~1\AppData\Local\Temp\firefoxJump to behavior
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000006.00000003.1523036067.0000023BA7895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1458182367.0000023BA7895000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exeVirustotal: Detection: 29%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,4098111406942502324,5433324402779486086,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2784 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2268 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7523133-59e6-4e12-8aeb-fe358abdd661} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b8d06dd10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7100 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7244 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -parentBuildID 20230927232528 -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {271e73ac-af90-45d8-8de7-fa5692018d1d} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b9f27b510 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7680 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7640 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5092 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 5104 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ef58d2-d38f-453c-bc2d-b69d4213eb44} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23ba4d8a110 utility
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7132 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5828 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,4098111406942502324,5433324402779486086,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2268 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7523133-59e6-4e12-8aeb-fe358abdd661} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b8d06dd10 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -parentBuildID 20230927232528 -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {271e73ac-af90-45d8-8de7-fa5692018d1d} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b9f27b510 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5092 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 5104 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ef58d2-d38f-453c-bc2d-b69d4213eb44} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23ba4d8a110 utilityJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2784 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7100 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7244 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7680 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7640 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5092 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 5104 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ef58d2-d38f-453c-bc2d-b69d4213eb44} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23ba4d8a110 utilityJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7132 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5828 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: webauthn.pdb source: firefox.exe, 00000006.00000003.1479753361.0000023BA7A01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.6.dr
Source: Binary string: kbdus.pdb source: firefox.exe, 00000006.00000003.1478706127.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1478874173.0000023B9CCD6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000006.00000003.1482699318.0000023B9CC8B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000006.00000003.1482699318.0000023B9CC8B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 00000006.00000003.1480876602.0000023B9CC7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.6.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000006.00000003.1479753361.0000023BA7A01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000006.00000003.1480876602.0000023B9CC7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kbdus.pdbGCTL source: firefox.exe, 00000006.00000003.1478706127.0000023B9CCCD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1478874173.0000023B9CCD6000.00000004.00000020.00020000.00000000.sdmp
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_009842DE
Source: gmpopenh264.dll.tmp.6.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A0A76 push ecx; ret 0_2_009A0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0099F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0099F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A11C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00A11C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-97765
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 23_2_000001F56448B837 rdtsc 23_2_000001F56448B837
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_009EDBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009BC2A2 FindFirstFileExW,0_2_009BC2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F68EE FindFirstFileW,FindClose,0_2_009F68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_009F698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_009ED076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_009ED3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_009F9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_009F979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_009F9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_009F5C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_009842DE
Source: Web Data.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: Web Data.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Web Data.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: firefox.exe, 0000000D.00000002.2534225649.000002370EA02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllN
Source: firefox.exe, 0000000D.00000002.2525458517.000002370E46A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: Web Data.8.drBinary or memory string: outlook.office.comVMware20,11696492231s
Source: firefox.exe, 00000017.00000002.2521347014.000001F563BDA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpxWd
Source: firefox.exe, 00000020.00000002.2533030184.00000230A0E70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW2
Source: Web Data.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: Web Data.8.drBinary or memory string: AMC password management pageVMware20,11696492231
Source: firefox.exe, 0000000D.00000002.2534225649.000002370EA02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
Source: firefox.exe, 00000017.00000002.2533152716.000001F564570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllT
Source: Web Data.8.drBinary or memory string: interactivebrokers.comVMware20,11696492231
Source: Web Data.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: firefox.exe, 00000017.00000002.2533152716.000001F564570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 0000000D.00000002.2533455356.000002370E91F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: Web Data.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: Web Data.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: Web Data.8.drBinary or memory string: outlook.office365.comVMware20,11696492231t
Source: Web Data.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: Web Data.8.drBinary or memory string: discord.comVMware20,11696492231f
Source: firefox.exe, 00000017.00000002.2533152716.000001F564570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 0000000D.00000002.2534225649.000002370EA00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWc
Source: firefox.exe, 0000000D.00000002.2534225649.000002370EA02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7
Source: Web Data.8.drBinary or memory string: global block list test formVMware20,11696492231
Source: Web Data.8.drBinary or memory string: dev.azure.comVMware20,11696492231j
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: Web Data.8.drBinary or memory string: bankofamerica.comVMware20,11696492231x
Source: Web Data.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: firefox.exe, 00000020.00000002.2524511668.00000230A0B3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpC
Source: Web Data.8.drBinary or memory string: tasks.office.comVMware20,11696492231o
Source: Web Data.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Web Data.8.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
Source: Web Data.8.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: Web Data.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: Web Data.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 23_2_000001F56448B837 rdtsc 23_2_000001F56448B837
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009FEAA2 BlockInput,0_2_009FEAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009B2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_009842DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A4CE8 mov eax, dword ptr fs:[00000030h]0_2_009A4CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_009E0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009B2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A09D5 SetUnhandledExceptionFilter,0_2_009A09D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009A0C21
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_009E1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009C2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_009C2BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009EB226 SendInput,keybd_event,0_2_009EB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00A022DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_009E0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009E1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_009E1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: firefox.exe, 00000006.00000003.1475192877.0000023BA7A01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A0698 cpuid 0_2_009A0698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_009F8195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009DD27A GetUserNameW,0_2_009DD27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009BB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_009BB952
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_009842DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A01204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00A01204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A01806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00A01806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire Infrastructure2
Valid Accounts
1
Native API
1
DLL Side-Loading
1
Exploitation for Privilege Escalation
1
Disable or Modify Tools
21
Input Capture
2
System Time Discovery
Remote Services1
Archive Collected Data
2
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault AccountsScheduled Task/Job2
Valid Accounts
1
DLL Side-Loading
1
Deobfuscate/Decode Files or Information
LSASS Memory1
Account Discovery
Remote Desktop Protocol21
Input Capture
11
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection
2
Obfuscated Files or Information
Security Account Manager2
File and Directory Discovery
SMB/Windows Admin Shares3
Clipboard Data
3
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
Valid Accounts
1
DLL Side-Loading
NTDS15
System Information Discovery
Distributed Component Object ModelInput Capture4
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
Access Token Manipulation
1
Extra Window Memory Injection
LSA Secrets131
Security Software Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
Process Injection
1
Masquerading
Cached Domain Credentials1
Virtualization/Sandbox Evasion
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
Valid Accounts
DCSync3
Process Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Virtualization/Sandbox Evasion
Proc Filesystem1
Application Window Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
Access Token Manipulation
/etc/passwd and /etc/shadow1
System Owner/User Discovery
Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
Process Injection
Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
[Behavior graph: ID 1504655, Sample: file.exe, Start date: 05/09/2024, Architecture: WINDOWS, Score: 64]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 29% | Virustotal | | Browse |
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | | |
No Antivirus matches
NameSourceMaliciousAntivirus DetectionReputation
https://chromewebstore.google.com/manifest.json.8.drfalse
  • Avira URL Cloud: safe
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfirefox.exe, 0000000D.00000002.2529412193.000002370E8CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2525600756.000001F563FEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2533450363.00000230A1003000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
  • URL Reputation: safe
unknown
https://drive-preprod.corp.google.com/manifest.json0.8.drfalse
  • URL Reputation: safe
unknown
https://chrome.google.com/webstore/manifest.json.8.drfalse
  • Avira URL Cloud: safe
unknown
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000006.00000003.1468375222.0000023B9ED97000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://spocs.getpocket.com/firefox.exe, 00000006.00000003.1465143330.0000023BA6E7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1465255874.0000023BA6BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1465178740.0000023BA6E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1460031032.0000023BA6BE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2525600756.000001F563F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000020.00000002.2527659064.00000230A0D13000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.iqiyi.com/firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://a9.com/-/spec/opensearch/1.0/firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/aboutfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://mozilla.org/MPL/2.0/.firefox.exe, 00000006.00000003.1503670840.0000023B9CF77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1416928566.0000023B9E32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1462606677.0000023BA783C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1414125935.0000023BA710A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1442740146.0000023BA6C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429255025.0000023B9E285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1409156519.0000023B9CF8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1406476919.0000023B9E4DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1504824157.0000023B9E23C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1449101099.0000023B9E267000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1417084214.0000023B9E285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1437961084.0000023B9E262000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1567716090.0000023B9A772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1514716349.0000023BA6C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1414125935.0000023BA7182000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1434460293.0000023B9A8CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1417084214.0000023B9E281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1385019684.0000023B9E332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000006.00000003.1437961084.0000023B9E26E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1515423087.0000023B9E329000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.6.drfalse
  • Avira URL Cloud: safe
unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839firefox.exe, 00000006.00000003.1372248432.0000023BA75D9000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.9.drfalse
  • URL Reputation: safe
unknown
https://www.zhihu.com/firefox.exe, 00000006.00000003.1464315929.0000023BA7230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1523623464.0000023BA723C000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://a9.com/-/spec/opensearch/1.1/firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 00000006.00000003.1414125935.0000023BA7119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1426553865.0000023BA712B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1356946347.0000023BA7122000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://blocked.cdn.mozilla.net/firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://json-schema.org/draft/2019-09/schemafirefox.exe, 00000006.00000003.1463283141.0000023BA74A6000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 00000006.00000003.1468375222.0000023B9ED97000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://profiler.firefox.comfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428041830.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429531090.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1299037276.0000023B9A733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428639246.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1507253296.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1419530884.0000023B9A723000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427083417.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1431416117.0000023B9A738000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://mathiasbynens.be/firefox.exe, 00000006.00000003.1511437582.0000023B9CFE9000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 00000006.00000003.1460373383.0000023BA4DCC000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 00000006.00000003.1427676400.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428041830.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1429531090.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1299037276.0000023B9A733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1428639246.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1507253296.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1419530884.0000023B9A723000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1427083417.0000023B9A738000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1431416117.0000023B9A738000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/firefox.exe, 00000006.00000003.1524437042.0000023B9F9A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.1574875526.0000023B9F9A8000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.icoWeb Data.8.drfalse
  • Avira URL Cloud: safe
unknown
https://contile.services.mozilla.com/v1/tilesfirefox.exe, 00000006.00000003.1458667261.0000023BA72BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.amazon.co.uk/firefox.exe, 00000006.00000003.1458439472.0000023BA74EB000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 00000006.00000003.1523339551.0000023BA76A3000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/user/preferencesfirefox.exe, 0000000D.00000002.2528427901.000002370E700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.2524086468.000001F563D90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000020.00000002.2532448277.00000230A0E00000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 23.200.0.42 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 13.107.246.40 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 152.195.19.97 | unknown | United States | 15133 | EDGECASTUS | false |
| 172.253.63.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.251.40.129 | unknown | United States | 15169 | GOOGLEUS | false |
| 162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
| 35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 142.251.16.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 52.222.236.48 | services.addons.mozilla.org | United States | 16509 | AMAZON-02US | false |
| 94.245.104.56 | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false |
| 34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 142.250.64.68 | unknown | United States | 15169 | GOOGLEUS | false |
| 34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 142.250.80.78 | unknown | United States | 15169 | GOOGLEUS | false |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 23.44.201.7 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 142.251.40.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false |
| 142.250.72.110 | unknown | United States | 15169 | GOOGLEUS | false |
IP
192.168.2.7
127.0.0.1
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1504655
Start date and time:2024-09-05 08:54:04 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 48s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:41
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal64.evad.winEXE@74/282@58/27
EGA Information:
  • Successful, ratio: 50%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 36
  • Number of non-executed functions: 314
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, UsoClient.exe, sppsvc.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 108.177.15.84, 13.107.21.239, 204.79.197.239, 172.217.16.206, 13.107.6.158, 13.107.42.16, 2.19.126.152, 2.19.126.145, 172.217.16.195, 142.250.181.227, 2.23.209.182, 2.23.209.183, 2.23.209.173, 2.23.209.177, 2.23.209.178, 2.23.209.185, 2.23.209.176, 2.23.209.171, 2.23.209.179, 20.74.47.205, 142.250.110.84, 74.125.133.84, 74.125.71.84, 142.251.5.84, 199.232.214.172, 35.81.254.255, 52.11.251.113, 44.239.24.213, 142.250.184.206, 2.22.61.66, 2.22.61.59, 216.58.206.78, 142.250.185.106, 142.250.181.234, 142.250.81.227, 142.250.176.195, 142.251.41.3
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, fs.microsoft.com, shavar.prod.mozaws.net, bingadsedgeextension-prod.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, clients.l.google.com, location.services.mozilla.com, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, time.windows.com, arc.msn.com, iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com, www.bing.com.edgekey.net, redirector.gvt1.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, safebrowsing.googleapis.com, config.edg
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 02:55:17 | API Interceptor | 1x Sleep call for process: firefox.exe modified |
                      Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Coinhive, Xmrig    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                        file.exe    Get hash    malicious    Coinhive, Xmrig    Browse
                        file.exe    Get hash    malicious    Unknown    Browse
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):7957
                                                              Entropy (8bit):5.175535642362679
                                                              Encrypted:false
                                                              SSDEEP:192:+MvMXHzEcbhbVbTbfbRbObtbyEl7n4r+JA6unSrDtTkd/S92:+F4cNhnzFSJYrd1nSrDhkd/c2
                                                              MD5:17741D5A2AC52DAEEF381E4AE64DEF36
                                                              SHA1:913D0E19797677F7C136B57EFBEBE7D292124DDB
                                                              SHA-256:D1004EE7EE4E70024E2FE3F9BAC4CBD30CA251D902281BCD0E666E80F446EF23
                                                              SHA-512:975E24DAFC661924BC74419C933CDCBA36B41F06CA2387F7D73F9CAAA26E3E44F55FE326B5C59FEA8BAAFAD07C52A84F1F19F161117E6CD75BA38F20947CC6F2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):56066
                                                              Entropy (8bit):6.103085784744966
                                                              Encrypted:false
                                                              SSDEEP:1536:z/Ps+wsI7yn8PGWv/sxtwA7VLyMV/YoskFoz:z/0+zI7yn4v/4KSVeZoskG
                                                              MD5:4DCF8C5AC391BFB7C672C9307FC1E57F
                                                              SHA1:EC0E8847F4D79652E9CA23B020AE827756D2A77D
                                                              SHA-256:FEFDC05D9ACF946BFAFA024EAB309DC195B5DDD91F37B86201B3E423B84F16AD
                                                              SHA-512:718D3599D746F59C800273DF0732EF8EAB685D4361AFC46A283D79A487CF05A9455E32E83FECC565DD9AD938A818744922399F9A3782BD5612F5529E95120D05
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):57631
                                                              Entropy (8bit):6.103908151042702
                                                              Encrypted:false
                                                              SSDEEP:1536:z/Ps+wsI7ynTIbPGWv/sxtw0j7VLyMV/YoskFoz:z/0+zI7ynTGv/4KWVeZoskG
                                                              MD5:2D5551884E82C8E58491597732F3E0CC
                                                              SHA1:5A5F5750D44F01C100A295D4538D0FB0735192AF
                                                              SHA-256:8AA8EC46F7BC1D0C5046B8C3666B613BB224D68E5EE10AD291DF0CD65AB75AA9
                                                              SHA-512:C956D71CE6069A89BD993D07000AD47ED970326C16AE9D64E9B449287CCE05FB17A2E2E84FAFA9401533E25928409B8AFDACB6442C97D800277D974512A14BDE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):59020
                                                              Entropy (8bit):6.1004873068498915
                                                              Encrypted:false
                                                              SSDEEP:1536:mMGQ5XMBFnkIdPGWv/sxtwmbj59+FFoK7VLyMV/YosA:mMrJMjk4v/4Ke9+LbVeZosA
                                                              MD5:6CEAAB2281DD63F4558B9603D95E5425
                                                              SHA1:772B288DD900DEA0C1642BB9D939B7D88E0B495A
                                                              SHA-256:D3F7F0029EC1E49DE159523365DF3E3B56C91DBFCA4A61F167A087C01E1FC619
                                                              SHA-512:96391FA0BCBB335AA44AFD2D38CAA4823ABEC81F14DF49197F13D9F1882DCDC12B3A8C344F0797CE2780179258030EEC379736B37AEDD2B7060597395E8555F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):57691
                                                              Entropy (8bit):6.104067112053787
                                                              Encrypted:false
                                                              SSDEEP:1536:z/Ps+wsI7yO3IiPGWv/sxtwmj7VLyMV/YoskFoz:z/0+zI7yO3Tv/4KQVeZoskG
                                                              MD5:3E1874C86EC84A6F4139657A6EC34F6E
                                                              SHA1:2C6F0DA3D82D1CF04CB37D6CBB44A4979F1AB0C7
                                                              SHA-256:F38C835C85BF166492EC8265D97DE5B542FCE4CC70E2B4424F49D49FEF51E5D6
                                                              SHA-512:C73DF17C487791C66F5DED15EE9E72998A055382468623AFB42EBB0410B686E114A9669E51764D40A26E9F90A93C3F8E59BF8D3DE2480A6AAB3F292DACB967EB
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):57631
                                                              Entropy (8bit):6.103908151042702
                                                              Encrypted:false
                                                              SSDEEP:1536:z/Ps+wsI7ynTIbPGWv/sxtw0j7VLyMV/YoskFoz:z/0+zI7ynTGv/4KWVeZoskG
                                                              MD5:2D5551884E82C8E58491597732F3E0CC
                                                              SHA1:5A5F5750D44F01C100A295D4538D0FB0735192AF
                                                              SHA-256:8AA8EC46F7BC1D0C5046B8C3666B613BB224D68E5EE10AD291DF0CD65AB75AA9
                                                              SHA-512:C956D71CE6069A89BD993D07000AD47ED970326C16AE9D64E9B449287CCE05FB17A2E2E84FAFA9401533E25928409B8AFDACB6442C97D800277D974512A14BDE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):59020
                                                              Entropy (8bit):6.100480387216444
                                                              Encrypted:false
                                                              SSDEEP:1536:mMGQ5XMBFakILMPGWv/sxtwmbj59+FFoK7VLyMV/YosA:mMrJMjtRv/4Ke9+LbVeZosA
                                                              MD5:54A77BC6B127F3DA080D5D36BFC985E7
                                                              SHA1:8B83745B412D415CE3EE600E6EBB32A48555919C
                                                              SHA-256:4542FFA40989D6CD88B71D42ED1386034BEC26C164E589DDCE9E01F75BB2DB7E
                                                              SHA-512:A97F57586CC5353F65B2A883B9903F3613A8F69F93403A7070E510297C7C27B5AEA29D32D11AFDA8D1755DEFA68E0D5CC78A1DBDBD3F933243A16B7B0CE8407C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):59020
                                                              Entropy (8bit):6.100486222826818
                                                              Encrypted:false
                                                              SSDEEP:1536:mMGQ5XMBFakIdPGWv/sxtwmbj59+FFoK7VLyMV/YosA:mMrJMjt4v/4Ke9+LbVeZosA
                                                              MD5:CF4FB49504B18F2EB5CCEC116DFEB884
                                                              SHA1:C22D5AE39A3D31E231C37318817C22C627FA4831
                                                              SHA-256:2B79CBDA75F3C49834192CC33E4256B1554776D9A93587225258DAE0268BBC35
                                                              SHA-512:AB777074C2DF6AD13AFE17C4FF9375740B982880D9097C00058A0D0ABCBAB6104C2F9E9B30359D897EE996C39A56EA43A17CE39BE64E0736B7F0B1C33A00BE64
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):107893
                                                              Entropy (8bit):4.640145133154881
                                                              Encrypted:false
                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Y:fwUQC5VwBIiElEd2K57P7Y
                                                              MD5:46BC3CA050C9032312C051408F8C6227
                                                              SHA1:4EC92F610AC217A2AB2927A8B71AD8BF5157D72D
                                                              SHA-256:CB9C9EED0F363C3193E8676B326299AED296899E17323BA2D48619BAF5249FC6
                                                              SHA-512:BB3126EBAD87C08B80CF3125BCDF838CEB7012F72B142B6CE67C8DAB7E57C52478876CAF19ECAC5670D5A0C2C3505F92DFB2E3013791359BFDD7094B29FC157F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.04789755797061166
                                                              Encrypted:false
                                                              SSDEEP:192:Mg90m5tm9nOAUpY4JPi6VBKP7+G1gsX2fIA5kvjBAIhu5NYf+RQ9ab274EVn8y0d:R90UtymMqHuhuMmeEU08T2RGOD
                                                              MD5:979A84EE85DF83D0488D88794455F4DF
                                                              SHA1:A76664745C0AC30E61779E2516DF2A23955A98B0
                                                              SHA-256:F581AA47C77345293B42EC5D1636568616E35807350EB6EE41EC0A6463611B43
                                                              SHA-512:CA3FE83B5012B8F66BAB0A450E902D3BB9E86FD7628942FA8EC7E27DCB90C152FAB020950626B8B4803970E6F633A139FB358038FD5E53AC70D6C5EAF47DFAC3
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.4832629031205301
                                                              Encrypted:false
                                                              SSDEEP:6144:ePQqX7EbyFnJaHnubIzt/FqfAKjp0aHnHM:OFnwiIza3
                                                              MD5:15AD0A5546EDA3DA8D194B948F0BB7E9
                                                              SHA1:A00600AFAD9FE336EC0035EDDA0A993599F22F33
                                                              SHA-256:03B63961BE9B7538D103D607ADB6678C16CB5355AD5D45A2C3B527293C8B6F99
                                                              SHA-512:5827D9381A771C3388DEEDA015BA65E1E1AD037878880199650162B985294C88814872BF64FC51D8769DB212C1AAF1135560F0AED68B3043F338D856A9E06DAA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):280
                                                              Entropy (8bit):4.16517681506792
                                                              Encrypted:false
                                                              SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                              MD5:C847567DEE0317368C1EC824DE025887
                                                              SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                              SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                              SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                              Malicious:false
                                                              Preview:sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):10161
                                                              Entropy (8bit):5.212374920707794
                                                              Encrypted:false
                                                              SSDEEP:192:stikdbsPZyaNPpYMKUgkq3i8rbV+FZaQAuYPLYJ:sticsPZtJp3KUEbG8Q7
                                                              MD5:99E37A7783580223703E884774BB8BC8
                                                              SHA1:83BDBAB6DBE7C4767FE17FF69FF89C6991209772
                                                              SHA-256:18C8A069AE5717E555F3EFB16F10A4D5C79CC9967D4CD9A6F7C8F40408A532B3
                                                              SHA-512:C988F500B696EA3C881632ABCDF79C89FE755D25B35B00528F8C2C9C13C737A10E100766719AC243F37EDCF2351F66049D6CBA2301A9EC4D53EE2EC2AB9CF5D1
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369992899268215","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):33
                                                              Entropy (8bit):3.5394429593752084
                                                              Encrypted:false
                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):315
                                                              Entropy (8bit):5.242963810568864
                                                              Encrypted:false
                                                              SSDEEP:6:P7t3dB1cNwi23oH+Tcwtp3hBtB2KLllyeq2PcNwi23oH+Tcwtp3hBWsIFUv:P7dRZYebp3dFLnnvLZYebp3eFUv
                                                              MD5:240E41C43B14807CB78E525D6E121EA0
                                                              SHA1:5EF59D9A64D00CF1E595EB3B3290BFDA8F32C10F
                                                              SHA-256:BEB78CAEB799EEA67CC88E795068B8E343B168E237B37534B1AC5663924B9014
                                                              SHA-512:A7623D2AD5975F5DCC92620541B3E1BD5210FB25D130EC59A423425FEB0828B5A563C1458A7AAE17AD3C049EE6C29F887D2D9ECEB3930CA8DD34C4CCA1492C8F
                                                              Malicious:false
                                                              Preview:2024/09/05-02:55:03.576 2080 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/09/05-02:55:03.584 2080 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):13280
                                                              Entropy (8bit):5.435415508389417
                                                              Encrypted:false
                                                              SSDEEP:192:MeA7NzzQdTCu960h80CZrOCVyQbrrPI3lqLmCcWtAll2:jA7Z+60h80CZayrPI3lqSCcW2r2
                                                              MD5:BC40976DDE8BCB4B180ED9837D4097CD
                                                              SHA1:9F2A9329A272B0D432D8C7566A3736E22D0DCC36
                                                              SHA-256:15DCA9CDB2F89B11B04C034B943C4562B30B36CC44552F421D5721704BC036C1
                                                              SHA-512:06935EAD3E04D6513502AF2A0D149DCB14A85466D236DFD6960C2DD29586AD604505E6C548751168851FAC0CC105A222C9AD80FD601B2488E4C34530559BBE8E
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):342
                                                              Entropy (8bit):5.099023551917654
                                                              Encrypted:false
                                                              SSDEEP:6:PI/QL+q2PcNwi23oH+Tcwt9Eh1tIFUt82yG1Zmw+26bpQLVkwOcNwi23oH+TcwtY:PsQ+vLZYeb9Eh16FUt82yG1/+2+pQV5t
                                                              MD5:E75C1A57174CC6A07ABA532BB0F801E7
                                                              SHA1:4505B99A9A9C69656499677F29A9CC29E5923D74
                                                              SHA-256:22C8BE11D1F9C6FF45D2E51C4FED4178EECB361198ED3E4EBEDC61E4E2DEBB70
                                                              SHA-512:8929580B61EB2D09EFD80C56B32665D7BDE369979DDCCBB51635906FB0CBFFD52AF22AC4B3B88329D619FA0DFA6BB01BE44BF96E9EEECB74B1FC6DD04F4BDF76
                                                              Malicious:false
                                                              Preview:2024/09/05-02:55:04.385 239c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/05-02:55:04.440 239c Recovering log #3.2024/09/05-02:55:04.590 239c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.4649805330346074
                                                              Encrypted:false
                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfB7rlBy:TouQq3qh7z3bY2LNW9WMcUvB9M
                                                              MD5:A1D59CBD8F6DB1E71108B2E997946F56
                                                              SHA1:BDC35B0ED960606ED6D5B053B99AD1C1EE5DBEEF
                                                              SHA-256:386883F0624EA875C4D1CA85C775B3CE082DB575552A18150E56F61EFA2FB021
                                                              SHA-512:F56AC471D18C429D7D27D08F2920C1EA61A963AC7E5CB0DB2E64040899E7D5A0AC0277F5ED2A004007C5C273FBB3F3958819AD04C51F0ACBEF5643711F5DEC17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):10240
                                                              Entropy (8bit):0.8708334089814068
                                                              Encrypted:false
                                                              SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                              MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                              SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                              SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                              SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):636554
                                                              Entropy (8bit):6.0127694795093625
                                                              Encrypted:false
                                                              SSDEEP:12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
                                                              MD5:CDE9ABB05D9CF09C0DA933480FEC3B64
                                                              SHA1:D28F62243CA290594B0EB556FE0831AA6FCC6C8A
                                                              SHA-256:036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
                                                              SHA-512:FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):142
                                                              Entropy (8bit):5.017887098289942
                                                              Encrypted:false
                                                              SSDEEP:3:F9G38E28xp4m3rscUSXQT5VxSvtlf+nETPxpK2x7L8KFunLv0QYs:W38D8xSEsIXG1U+n0PxEWHFebL
                                                              MD5:9BFE645B993FB6452BA446909F91F3B4
                                                              SHA1:B1CFCF158436B22DF55D49BF77F1F95B05EA692D
                                                              SHA-256:FDA3BC5A5623900F9199DDBDF71CB458F53ECE54195379C42F6DBBF3A0FC67E3
                                                              SHA-512:94270967FB6CAA940A5EB3F0B4BA18541AF4765C6A321A22B6D8F4225E87B8DE74208C1B868C3683064D0D8865862D6FEAB6931FF6753F765FFBE70A8C8A55EB
                                                              Malicious:false
                                                              Preview:.4.9................BLOOM_FILTER_EXPIRY_TIME:.1725605704.577182.EzG................BLOOM_FILTER_LAST_MODIFIED:.Thu, 05 Sep 2024 03:24:32 GMT
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):636529
                                                              Entropy (8bit):6.012178686683981
                                                              Encrypted:false
                                                              SSDEEP:12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
                                                              MD5:D06FF4898FA4B70F70844C78C74E85F1
                                                              SHA1:343AACAE98E528494912A7795CFDA3320598B8B9
                                                              SHA-256:7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
                                                              SHA-512:ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
                                                              Malicious:false
                                                              Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):518
                                                              Entropy (8bit):5.231113440450595
                                                              Encrypted:false
                                                              SSDEEP:12:PWMM+vLZYebn9GFUt82XS/+2X9MV54ZYebn95Z9lFf0n1ofr1K2sh:eMdlYeb9ig832oYeb9zqgeh
                                                              MD5:46AB6F133A81FE00867EDE746D3C8524
                                                              SHA1:2B2819B6A63BC34F5B39B5FFA726C1B7F378D136
                                                              SHA-256:C0692994F547FA101CA62EC0B4A64ACB574FAA6187E55D243A83B32F9D980A40
                                                              SHA-512:30138C86068DC57BB16B2F8D84F67D56CD691F92B7E8A25974C825CCCBC5D7A33A46F2189325999200F6E1DA2841019F35460D5C3BEB2BE9E79BD9A29AC06708
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.729 1d8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-02:54:58.804 1d8c Recovering log #3.2024/09/05-02:54:58.804 1d8c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-02:55:04.620 1d58 Level-0 table #5: started.2024/09/05-02:55:04.641 1d58 Level-0 table #5: 636529 bytes OK.2024/09/05-02:55:04.644 1d58 Delete type=0 #3.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):518
                                                              Entropy (8bit):5.231113440450595
                                                              Encrypted:false
                                                              SSDEEP:12:PWMM+vLZYebn9GFUt82XS/+2X9MV54ZYebn95Z9lFf0n1ofr1K2sh:eMdlYeb9ig832oYeb9zqgeh
                                                              MD5:46AB6F133A81FE00867EDE746D3C8524
                                                              SHA1:2B2819B6A63BC34F5B39B5FFA726C1B7F378D136
                                                              SHA-256:C0692994F547FA101CA62EC0B4A64ACB574FAA6187E55D243A83B32F9D980A40
                                                              SHA-512:30138C86068DC57BB16B2F8D84F67D56CD691F92B7E8A25974C825CCCBC5D7A33A46F2189325999200F6E1DA2841019F35460D5C3BEB2BE9E79BD9A29AC06708
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.729 1d8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-02:54:58.804 1d8c Recovering log #3.2024/09/05-02:54:58.804 1d8c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-02:55:04.620 1d58 Level-0 table #5: started.2024/09/05-02:55:04.641 1d58 Level-0 table #5: 636529 bytes OK.2024/09/05-02:55:04.644 1d58 Delete type=0 #3.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):103
                                                              Entropy (8bit):5.287315490441997
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjGtCSluhFhinvsD8xFxN3erkEtl:scoBY7j6CSluGvlxFDkHl
                                                              MD5:BBF990808A624C34FC58008F69BE5414
                                                              SHA1:8E91249954C47ED58AFAA34373006A9A907A8B87
                                                              SHA-256:2E9DF06E07493794BAE755C1954FDC37401D757916EBFBAA7F0EE64A8FD16E9E
                                                              SHA-512:9F6863BCEE0782B211E95986AEDB74E0563A24D7FE448A7CA56EC94CD489A5BE0999757C25CB75DB6789759DCB81C20236EFB96945165E15E3D139CA4836B844
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator..........7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):375520
                                                              Entropy (8bit):5.3541010095551425
                                                              Encrypted:false
                                                              SSDEEP:6144:tA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:tFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                              MD5:AA322D10BCE6BFCC7088E4E5043EFFAD
                                                              SHA1:D0BA934424A1B847402075D520D90BE0B8553F31
                                                              SHA-256:980CC890EF2D0363942F8BE5AAFE6C4432C30D6230C783DA5C6C1F04776E70E7
                                                              SHA-512:956599ADB70C4559818D3CD8396BD7688CA370D01AE195E6FE9BF2287BAF551162163AF620A8BCE6BA06584E5EBFDB9E4356D7E43C7B272F9789A3661252F727
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.18..cq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13369992908955355..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):317
                                                              Entropy (8bit):5.160887046293784
                                                              Encrypted:false
                                                              SSDEEP:6:P5/1cNwi23oH+Tcwtk2WwnvB2KLllGxQL+q2PcNwi23oH+Tcwtk2WwnvIFUv:PTZYebkxwnvFLnGxQL+vLZYebkxwnQF2
                                                              MD5:72CFB51DA76DE4C9CA8D31ABE0C5EDEE
                                                              SHA1:1123B990A8C27290553DABE7F3A3FE45DAD63D8B
                                                              SHA-256:F838CFBCB5728301EB3B9E8731944CDB9F120DFF46126453A41FE964FEE51130
                                                              SHA-512:3F1F6342B0F7C7A4F265FC7629D8D3313E912A83544A40FBF50E9A68B9A1F8E741B1AD70F894EE502CB3B54533C615AFB15D7BBA53045942A1D4BFBD894B6E4D
                                                              Malicious:false
                                                              Preview:2024/09/05-02:55:04.428 23cc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-02:55:04.772 23cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):358860
                                                              Entropy (8bit):5.3246146308181315
                                                              Encrypted:false
                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rq:C1gAg1zfvC
                                                              MD5:20FD03C678827C0010880E4344846161
                                                              SHA1:EF33B119DFAF1E7CE250559DE762BB8E4A3E53DB
                                                              SHA-256:5E8A27A62FF47C0250717519AED9C3E810A13590179809805DF1BF7900119A7D
                                                              SHA-512:9F744D05DD7B42B9DC4503C34B2294B0B4519CD5B2647FCFA93107FDA72A544C73E740849A807699F933CC0ECFA2181F0F8B23055F617BA66189DD97659F9FD4
                                                              Malicious:false
                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):418
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):330
                                                              Entropy (8bit):5.212680771598231
                                                              Encrypted:false
                                                              SSDEEP:6:PQgdFnVq2PcNwi23oH+Tcwt8aPrqIFUt82QgdFngZmw+2QgCIkwOcNwi23oH+TcD:PvvLZYebL3FUt82i/+2L54ZYebQJ
                                                              MD5:F7AA817653452C2058017E9393034876
                                                              SHA1:4E4852B57BD39BC578652385B76FD0F81025C2FF
                                                              SHA-256:7C65F2A09F8C8DE060EE6BA1BB495F2DD115D45ABE2D259654F34BB9CE75EF53
                                                              SHA-512:B931FB6F494915EC7B6D784BD66D3C05DB7D9123337CDB078354D2277AC8C14181E778DC1459F978BD2EBBEAD239742660EF33831523881765FD969103820C25
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.728 1d84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/05-02:54:58.728 1d84 Recovering log #3.2024/09/05-02:54:58.729 1d84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):330
                                                              Entropy (8bit):5.212680771598231
                                                              Encrypted:false
                                                              SSDEEP:6:PQgdFnVq2PcNwi23oH+Tcwt8aPrqIFUt82QgdFngZmw+2QgCIkwOcNwi23oH+TcD:PvvLZYebL3FUt82i/+2L54ZYebQJ
                                                              MD5:F7AA817653452C2058017E9393034876
                                                              SHA1:4E4852B57BD39BC578652385B76FD0F81025C2FF
                                                              SHA-256:7C65F2A09F8C8DE060EE6BA1BB495F2DD115D45ABE2D259654F34BB9CE75EF53
                                                              SHA-512:B931FB6F494915EC7B6D784BD66D3C05DB7D9123337CDB078354D2277AC8C14181E778DC1459F978BD2EBBEAD239742660EF33831523881765FD969103820C25
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.728 1d84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/05-02:54:58.728 1d84 Recovering log #3.2024/09/05-02:54:58.729 1d84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):418
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):334
                                                              Entropy (8bit):5.231564593045786
                                                              Encrypted:false
                                                              SSDEEP:6:PQMVq2PcNwi23oH+Tcwt865IFUt82QzgZmw+2QzIkwOcNwi23oH+Tcwt86+ULJ:PVvLZYeb/WFUt825/+2T54ZYeb/+SJ
                                                              MD5:78840A1C02AA2C052AFF453131AE5749
                                                              SHA1:0D9CD0D471048FACB9E5FBE79221E12FB21B243F
                                                              SHA-256:24400FE15367A3AD3E91C9A9CE27E19D01B85022F569EC3F8262563BDBC096CA
                                                              SHA-512:E9CD60FBCD8865F6A9CBA319C31F6753F423D4ACF79F934131BA0158CE1D2DE5239BF8D42DB82C6B28DB7291B4FD1D85A238672C25240178E7F3B420E87DF7D0
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.731 1d84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/05-02:54:58.732 1d84 Recovering log #3.2024/09/05-02:54:58.732 1d84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):334
                                                              Entropy (8bit):5.231564593045786
                                                              Encrypted:false
                                                              SSDEEP:6:PQMVq2PcNwi23oH+Tcwt865IFUt82QzgZmw+2QzIkwOcNwi23oH+Tcwt86+ULJ:PVvLZYeb/WFUt825/+2T54ZYeb/+SJ
                                                              MD5:78840A1C02AA2C052AFF453131AE5749
                                                              SHA1:0D9CD0D471048FACB9E5FBE79221E12FB21B243F
                                                              SHA-256:24400FE15367A3AD3E91C9A9CE27E19D01B85022F569EC3F8262563BDBC096CA
                                                              SHA-512:E9CD60FBCD8865F6A9CBA319C31F6753F423D4ACF79F934131BA0158CE1D2DE5239BF8D42DB82C6B28DB7291B4FD1D85A238672C25240178E7F3B420E87DF7D0
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.731 1d84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/05-02:54:58.732 1d84 Recovering log #3.2024/09/05-02:54:58.732 1d84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1254
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                              MD5:826B4C0003ABB7604485322423C5212A
                                                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):330
                                                              Entropy (8bit):5.162915219134718
                                                              Encrypted:false
                                                              SSDEEP:6:PhlVq2PcNwi23oH+Tcwt8NIFUt82pUmYgZmw+2pUmYIkwOcNwi23oH+Tcwt8+eLJ:PhPvLZYebpFUt82rh/+2r754ZYebqJ
                                                              MD5:464A5E411FE3DCA650882639D6374301
                                                              SHA1:818D358CB73A3FF26D8BF1C221465183FD430CB5
                                                              SHA-256:FC4A27AF4A0BC491A9AB9E3086385BC05D0E184135EE4AC6D170705DD1211916
                                                              SHA-512:AFC275887788410C41788D44CC5DD94A95370B818585B71C847634D2B7D87E42DE5853F7EEABE21474C876CE842546843AA830AB91E307279F1D7EFEEE0DE52E
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.645 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-02:54:59.646 1d50 Recovering log #3.2024/09/05-02:54:59.646 1d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):330
                                                              Entropy (8bit):5.162915219134718
                                                              Encrypted:false
                                                              SSDEEP:6:PhlVq2PcNwi23oH+Tcwt8NIFUt82pUmYgZmw+2pUmYIkwOcNwi23oH+Tcwt8+eLJ:PhPvLZYebpFUt82rh/+2r754ZYebqJ
                                                              MD5:464A5E411FE3DCA650882639D6374301
                                                              SHA1:818D358CB73A3FF26D8BF1C221465183FD430CB5
                                                              SHA-256:FC4A27AF4A0BC491A9AB9E3086385BC05D0E184135EE4AC6D170705DD1211916
                                                              SHA-512:AFC275887788410C41788D44CC5DD94A95370B818585B71C847634D2B7D87E42DE5853F7EEABE21474C876CE842546843AA830AB91E307279F1D7EFEEE0DE52E
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.645 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-02:54:59.646 1d50 Recovering log #3.2024/09/05-02:54:59.646 1d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):429
                                                              Entropy (8bit):5.809210454117189
                                                              Encrypted:false
                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                              Malicious:false
                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):2.447102071028378
                                                              Encrypted:false
                                                              SSDEEP:96:0BCymIzIebOselS9nsH4/AztcauuoKwqIeb0:mNm2IebOEsHXzCaPo1qIeb0
                                                              MD5:E43E82C6D37FEBB57D12AB9E53635403
                                                              SHA1:521E2C007F2E057A253C74076CDC1E2566B51C5B
                                                              SHA-256:D00182AAD0C9CB519EFEE1294F7ADC9EEE22F56B0CF3805428B6572183FA869A
                                                              SHA-512:003FA0D1DEF7E2822B0738EDA6F897F14FCA568EB61833341FB6E77840008C910AC4B40D4A0E0BF0719699C12A02823A5628E51BF49F194D4034A2FA091F8E02
                                                              Malicious:false
                                                              Preview:SQLite format 3 ... indexfavicon_bitmaps_icon_idfavico
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):155648
                                                              Entropy (8bit):0.6771118003117426
                                                              Encrypted:false
                                                              SSDEEP:192:AIebYrohH+bDo3iN0Z2TVJkXBBE3ybEIeb0:h/MhIU3iGAIBBE3qdJ
                                                              MD5:27DDC638C13D024C0F5EB0D147702093
                                                              SHA1:3BF9672FE8536C613602D8D98817578EB55FA227
                                                              SHA-256:57A22CD7BB2A01D0229ADC3DB2A491572F4C52CAD58A5A6929C50D988B4EA979
                                                              SHA-512:A93728BEE56324DF6DE57DDEF8B33FFD93755502562B16C65D3CE3FA9CFDF1FDFCA0553D239539F286B4D04837249C22852532FA34A503B77CC05CC719496958
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8720
                                                              Entropy (8bit):0.2191763562065486
                                                              Encrypted:false
                                                              SSDEEP:3:ePU59tFlljq7A/mhWJFuQ3yy7IOWUb/otdweytllrE9SFcTp4AGbNCV9RUIpE:ePuG75fOpQd0Xi99pEY7E
                                                              MD5:4AC8C722B369CB0A66A340B27E1712F6
                                                              SHA1:1F769E0D310BAF67AA51862C734C7766C6CE386A
                                                              SHA-256:11E2F950E6C682A8FB4111834F42CC31403F1B6FA2E0DDE88E6FFAE78E57A99C
                                                              SHA-512:F2CDA437013CA6293BD3826A80E47C1540FC2E37600BAC22EE901D2450F034D5E51B702EFBFCC3B53AE855D1A32F73DE8F58CC768A09FD89E8ADB246E358B2DD
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):414
                                                              Entropy (8bit):5.222677144920565
                                                              Encrypted:false
                                                              SSDEEP:12:PmvLZYeb8rcHEZrELFUt82f/+2N54ZYeb8rcHEZrEZSJ:slYeb8nZrExg8MoYeb8nZrEZe
                                                              MD5:82AF47311FD9F2D03D6CB64407FA8F5F
                                                              SHA1:50E8570CFB3F01B47525E879AF2A124568637E95
                                                              SHA-256:ED9141D22143D39322BCC7635F638B98CB1CCE2CFC1CDE450B22F67FA16300AB
                                                              SHA-512:F359A07A8D80D23C431834FDAC320E1CEF06E5ADDEE9F7E0EFF7EC7967139305A5E17397137361A514B8277D0E8AA32B96EECC35D2CB0C0D8885C6754B1F9C22
                                                              Malicious:false
                                                              Preview:2024/09/05-02:55:04.199 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-02:55:04.199 1d50 Recovering log #3.2024/09/05-02:55:04.199 1d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):414
                                                              Entropy (8bit):5.222677144920565
                                                              Encrypted:false
                                                              SSDEEP:12:PmvLZYeb8rcHEZrELFUt82f/+2N54ZYeb8rcHEZrEZSJ:slYeb8nZrExg8MoYeb8nZrEZe
                                                              MD5:82AF47311FD9F2D03D6CB64407FA8F5F
                                                              SHA1:50E8570CFB3F01B47525E879AF2A124568637E95
                                                              SHA-256:ED9141D22143D39322BCC7635F638B98CB1CCE2CFC1CDE450B22F67FA16300AB
                                                              SHA-512:F359A07A8D80D23C431834FDAC320E1CEF06E5ADDEE9F7E0EFF7EC7967139305A5E17397137361A514B8277D0E8AA32B96EECC35D2CB0C0D8885C6754B1F9C22
                                                              Malicious:false
                                                              Preview:2024/09/05-02:55:04.199 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-02:55:04.199 1d50 Recovering log #3.2024/09/05-02:55:04.199 1d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):342
                                                              Entropy (8bit):5.142850058361346
                                                              Encrypted:false
                                                              SSDEEP:6:PufQL+q2PcNwi23oH+Tcwt8a2jMGIFUt82kuATSGKWZmw+2nBeQLVkwOcNwi23oL:PufQ+vLZYeb8EFUt82SSGKW/+2nBeQVX
                                                              MD5:2FE41A4FA366C7AF1D1935EBFFC08F4B
                                                              SHA1:4C7E1576238C19B67EC278448D85B40BA9932836
                                                              SHA-256:3491D395C4506869E533409857400442A7CD1585330FB4A70FC87BF99EC2CACF
                                                              SHA-512:730F59E93F8228D5D82076006648C2F55932AD5D66AAAFEC5CFA4FC09180346E66103626FF915D2FCCDACCD23D17476DDB05F52406631766238AB8B599B2350A
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.145 1e5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-02:54:59.146 1e5c Recovering log #3.2024/09/05-02:54:59.150 1e5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):342
                                                              Entropy (8bit):5.142850058361346
                                                              Encrypted:false
                                                              SSDEEP:6:PufQL+q2PcNwi23oH+Tcwt8a2jMGIFUt82kuATSGKWZmw+2nBeQLVkwOcNwi23oL:PufQ+vLZYeb8EFUt82SSGKW/+2nBeQVX
                                                              MD5:2FE41A4FA366C7AF1D1935EBFFC08F4B
                                                              SHA1:4C7E1576238C19B67EC278448D85B40BA9932836
                                                              SHA-256:3491D395C4506869E533409857400442A7CD1585330FB4A70FC87BF99EC2CACF
                                                              SHA-512:730F59E93F8228D5D82076006648C2F55932AD5D66AAAFEC5CFA4FC09180346E66103626FF915D2FCCDACCD23D17476DDB05F52406631766238AB8B599B2350A
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.145 1e5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-02:54:59.146 1e5c Recovering log #3.2024/09/05-02:54:59.150 1e5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):24576
                                                              Entropy (8bit):0.4036822708647989
                                                              Encrypted:false
                                                              SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IjbdFP:TxKX0wxORAmA/U1cEB5IjbdFP
                                                              MD5:1204A43AEF96BF14CC704F46BA7970BC
                                                              SHA1:BCF6A3917B6A497FB748616579658D99DC6F3E1C
                                                              SHA-256:1E3F8B409D29E1F8B32A99EA86A388B76D49D7276C91A9CBED456AE7D74C0491
                                                              SHA-512:3C17E7D33BEFFAE9CC253CA6D69E4A7855319E48044367EBA4110148F77DB407F173ACC1D8B66550823F13C84B2B27967F3E3CB6AC74F372F9563AFACAD966CF
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.0860577245505314
                                                              Encrypted:false
                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8BuTgSrs/jHOrZso8XOFyPr:ige+AuV3r
                                                              MD5:0FBF44004FAACAD58D7D72D77E5F5936
                                                              SHA1:9144A80B5DF3D56B22ACD4D2FE69D4943C588594
                                                              SHA-256:EACAF62D5303763B62C35ACFC963A183DE6E9FDE6416133D6EE4733A4145B444
                                                              SHA-512:AD8AFF0D3B4DB9F7F66F4A75D264D6F30BCFF43959A565675B50E9B0863D5C114E0311DABE20820A714AA0CC558A785378057BDFB24BECC0987818A7B2043A39
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3116
                                                              Entropy (8bit):5.301071660764008
                                                              Encrypted:false
                                                              SSDEEP:48:YcCpfC0gCzsBNHtsB2gs6/CileeEsBEuaZakEsBNfcKsBirsBK+HbLesBi+HXsBQ:F2fhUHHS/VkequaZakDDR4b+4T4y
                                                              MD5:CC3FF383AA6C5665D69BA57B1984D921
                                                              SHA1:5BB58A35F0ADE4ECA6C1637D999F2FDD176919F4
                                                              SHA-256:316C58EE07A9F35942BAC4AF0C9089DC104533380AD5EA14DF1CAC669621BFDF
                                                              SHA-512:CB557C34882CE6DCCAA794AD77E63C90EDF4EB5ADDBFD7A4C9CE39E47DAB3FD72BA84CD3C1CF9F2EFB7337D30B7BA6A6B2188F38D14A069FD96932DBEA8FAFCB
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372584900887424","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372584903507302","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13370086503913803","port":443,"protocol_str":"quic"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):1.6519430825545995
                                                              Encrypted:false
                                                              SSDEEP:96:JkIEumQv8m1ccnvS6qD10O2DQnRn2mQoYVZR11jzRViu1a:+IEumQv8m1ccnvS6i24R2lVZRPPE
                                                              MD5:8538A3E10CD3C1EE37D81450FF5DCAA0
                                                              SHA1:ACDF80600522C705E62293827FC859BB32DF4290
                                                              SHA-256:BBCFF857F55B3718633228A036EBBFD10355507CFDB596F4390D07C950456A84
                                                              SHA-512:E02062D25F8CDC2A93DFB183C928B01B6ED9F4D377453985CB5B45758CE59B9C65398680A6EA6B24BAFB2E82FB83ED93AF9CC8F2515A5D9F7B49B954303DECC3
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.317282717201749
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjZQD2dQXNNTPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZt6:YWyWNiD2SdBBv31dB8wXwlmUUAnIMp5O
                                                              MD5:AB3E84140D8CCD12C83D4A61CC68A469
                                                              SHA1:39F899B1A977DB09CD81F7855DE827538620FB46
                                                              SHA-256:649FA45316714F17213E50B3B343099C51DDDC0EB587C8F99CF2F39EB720380C
                                                              SHA-512:5B61DB63F518DCDB009C81BE0BAB97E90D4A3D1BEE9191A92D508D79C98B19AF0CB35BB54F611EF363CBE37308C2CC91F2984FD40B6CC7B13D49004065A75111
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1757055309.285376,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725519309.285381}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):188
                                                              Entropy (8bit):5.3242519147723915
                                                              Encrypted:false
                                                              SSDEEP:3:YWRAWNjZQDJaHY8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZtT9N:YWyWNiDeY8Bv31dB8wXwlmUUAnIMp5bn
                                                              MD5:B57DBE24CD2997B5A60DBF03E008C189
                                                              SHA1:52DED057E240634EEA08B517CB8D40FE439A60C5
                                                              SHA-256:C04618C4D1ED4B8CA47B63705F95556E17301FD0F521124C9DD6506916C9FD09
                                                              SHA-512:642125F6CFCE1C3179D31AA45A9A482F9BFBB6742FA60AA5EC39182514B76C647F225381B45C50F2C6326D63385CD9C008C12FAD3A56AA4C55170F98B38E1956
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1757055369.379249,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725519369.379256}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8307038620100359
                                                              Encrypted:false
                                                              SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                                                              MD5:B18967139991D9CA13DF7E493540A358
                                                              SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                                                              SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                                                              SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):9568
                                                              Entropy (8bit):5.113757853071757
                                                              Encrypted:false
                                                              SSDEEP:192:stikdbsPZyaNP9kq3i8rbV+FZaQAuYPLYJ:sticsPZtJxbG8Q7
                                                              MD5:B0BE1770915B26B0072A84EF39311ED2
                                                              SHA1:D9692FD6C2D83C49677BB4EF7283A001F72E657E
                                                              SHA-256:367A0F161883FB0C6039480B90089849D864C24B6A1C693568D404B4867E252B
                                                              SHA-512:3C15A4737BBB61E9C2FB2AE2E468AE815C0FC671051861F01A6785AE6710ED996EC86476271100F440DD5402242D5B9104C8970A0FEF0C05AA904EAB4139AB33
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369992899268215","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):83572
                                                              Entropy (8bit):5.6641372158706424
                                                              Encrypted:false
                                                              SSDEEP:1536:4eL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:7L6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                              MD5:169DFB485E94AA14382E48BF736E9D8C
                                                              SHA1:97704339AE5F6F92FCFA47D648F43B5ED36FB631
                                                              SHA-256:28D4BFB243126A6587863650C4403D6168D5A9192AF836669D8745E0A7C3C2CE
                                                              SHA-512:7135F317717AB2D0FF3B94E2A6D7037744B9050F9FC90949258278162842B80681E7B0C0727AEB6E2B1BC43C4053E979C234CCFF7B9ADC816781E7CE39C44CBB
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1.C..j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13369998965685695..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):315
                                                              Entropy (8bit):5.1939715502623605
                                                              Encrypted:false
                                                              SSDEEP:6:P6Pos1cNwi23oH+TcwtgctZQInvB2KLllGO9q2PcNwi23oH+TcwtgctZQInvIFUv:PMRZYebgGZznvFLnGO9vLZYebgGZznQg
                                                              MD5:4C1B54332E40E6330B0765793D935D62
                                                              SHA1:EFC75342A0947B13BB6455568977E0EC44271E32
                                                              SHA-256:00DD96D35CD4AB7ADB7AE78743187CA2137E9FD2BEA4191CD62816F3EE10A7EF
                                                              SHA-512:75CFDC1EC6BD9F6EA33712DF915D5559F0C2470D8EB900D84441C3162D37A9FABD2BD3303F19D98855D44A72A79BC64BA125D45AA930C5DB7AE3AAAEA04F9178
                                                              Malicious:false
                                                              Preview:2024/09/05-04:36:04.726 1d10 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/09/05-04:36:04.834 1d10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24853
                                                              Entropy (8bit):5.565789516350033
                                                              Encrypted:false
                                                              SSDEEP:768:cghmKJWPTnfx08F1+UoAYDCx9Tuqh0VfUC9xbog/OVpg6I7rwwpHtuW:cghmKJWPTnfx0u1jaQ5IQctJ
                                                              MD5:CDAB96A038DDBA01FAB637E922D46920
                                                              SHA1:04D37CC9B7D8D876FE1665B8864130B8E0909B32
                                                              SHA-256:BC12E63CF7E3AAFAA0FAA20CBF5D4749D18322339AF5963A70FDFBB59D0A2F8D
                                                              SHA-512:59E7C0387702320ECF46450640E6CA8F26B3CA92E9E14F9CBF764191476B4BB95E8B2A4862C95115BF7968DD747E3ED0FC9195A1649E374FC7FD96E4FD5D88E8
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369992898712068","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369992898712068","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):440
                                                              Entropy (8bit):4.658761163037222
                                                              Encrypted:false
                                                              SSDEEP:12:S+a8ljljljljl2StUNjkL+5++C0Q3NjkL+57nGz3A/XkAvkAvkAv:Ra0ZZZZTtUNjH+zNjH7G0Xk8k8k8
                                                              MD5:539502CB0BB6DD61ADAE2299F9F5312B
                                                              SHA1:A0D3F8C66C4F9B081248144CD10CF88C2BB604A8
                                                              SHA-256:D91C11C05840B336DA664B10122D8384D4CF8BA67272773FD077937A9F2DD8DE
                                                              SHA-512:4DB1F8B351945036532F1620A2B651380842347EA35FCEEE2D28559AC9483A2E3ECB24B9BB9E431E223A8287E547B95DB1053C5F1BF6EAC3CB6B218F909E1287
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............0.x.j................next-map-id.1.Knamespace-e564a086_2880_4437_af23_5fe45706d922-https://accounts.google.com/.0..Uk................next-map-id.2.Lnamespace-e564a086_2880_4437_af23_5fe45706d922-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):330
                                                              Entropy (8bit):5.117145495760106
                                                              Encrypted:false
                                                              SSDEEP:6:P6cQL+q2PcNwi23oH+TcwtrQMxIFUt82UcGKWZmw+2HFcQLVkwOcNwi23oH+TcwJ:P3Q+vLZYebCFUt82UcGKW/+2HFcQV54h
                                                              MD5:1D5B85B8070B088D0989BB02E25A5136
                                                              SHA1:CD0125F9940B3591B1A4EF5F5117943282A34A34
                                                              SHA-256:3B96E380AF9E7A50B8478E353AF90E0B6726058EE6E83BAAA29F4306778110A9
                                                              SHA-512:8FE71C0956F7E58342F7F0030191BCA1ACB28EE823F27200F4BAB9C7DB7E9B57A984975FC220D7DF9CCD6078298A38DE24BC26AD4E7B9EF6A7E6A66F209A5CC3
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.214 1e5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-02:54:59.216 1e5c Recovering log #3.2024/09/05-02:54:59.220 1e5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):12835
                                                              Entropy (8bit):4.099326759364075
                                                              Encrypted:false
                                                              SSDEEP:192:3V+TZIebi3PJFPIebs3PJFsIebIekIz23PJFOIeb+3PJFsIebIekIhW3hhp:cTupJFQbJFFQKJFrRJFFQhW
                                                              MD5:92F891964CAE8D85F0164B221C13CCCB
                                                              SHA1:F9F45C7C3CB3237D01DD644F1D0DB0754CBE4C80
                                                              SHA-256:27E1EB7C2EB8F1D60AF739507CDBBBFB2373AE30A82771A6C874834C4303ADB8
                                                              SHA-512:404717168C8640723A72B0494F0862076895BC79EEBF4ABB563A5EDE0468441AFC749529622D59A1F8846F44A216D24363DC622E85CF1DD0BD190162DCF94EE5
                                                              Malicious:false
                                                              Preview:SNSS.......P..............P........."P..............P..........P..........Q..........Q.......!..Q..................................P...Q...1..,...Q...$...e564a086_2880_4437_af23_5fe45706d922...P..........Q.......2.}........P......P..........................P..........................P..........................P.......................5..0...P...&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}.....P..............Q..................Q...o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64....................Q..................Q...o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Br
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.44194574462308833
                                                              Encrypted:false
                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):358
                                                              Entropy (8bit):5.162647757197194
                                                              Encrypted:false
                                                              SSDEEP:6:PQTOI+q2PcNwi23oH+Tcwt7Uh2ghZIFUt82QzGZmw+2QzCVkwOcNwi23oH+Tcwts:PQsvLZYebIhHh2FUt82v/+2954ZYebIT
                                                              MD5:614C6728D997A6DF6F779CF167A3B929
                                                              SHA1:F1219F8A8F69C4B563C156A1148B384DE683D454
                                                              SHA-256:DE5A8CFAFFEBC01743BF8222B355BADCECDFA66AFD4FA672FCB00ED3F01C8E6C
                                                              SHA-512:95C71085DABCAA425D645962B25CE94ACE5EA009FFA6A5EEC21E3DFD1937D0E17758C7631627179568E7AFCD2424DBDA263AEC774C5125A1E8C85801C31E116E
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.802 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-02:54:58.803 1d98 Recovering log #3.2024/09/05-02:54:58.803 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0018090556708630736
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zEZlxul:/M/xT02zWul
                                                              MD5:C2D4D3000F555FE92AE6DB831025165F
                                                              SHA1:76A5819B44ED2A46201F7F0A4C608C2F6D9F80E3
                                                              SHA-256:A66F06BE219D32F59A255AE2103D965F15F1A1CE9DDF5AE40D9BDE41C163A45F
                                                              SHA-512:F138ABC5FE4BB65F73AB32EDB96757F6FC9AFFBED68B98E9764EE5A735E297706480DF3030E794B0DEE893C3126B1EAF4DC841CEDD88056553055F7A36383803
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0012471779557650352
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                              Malicious:false
                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):440
                                                              Entropy (8bit):5.230597911718289
                                                              Encrypted:false
                                                              SSDEEP:12:PFWQ+vLZYebvqBQFUt82LGKW/+2+QV54ZYebvqBvJ:M5lYebvZg8GGKbSoYebvk
                                                              MD5:3B29ED6D6135AC4F5A10BC141F77E0AB
                                                              SHA1:7E0EF8162B042D79CAEDEC0A9B0BF6C2E771405D
                                                              SHA-256:D83335BC658B7E4CFF8044F1A2FE0F9D0D5C1B9BD4BE255680A0D0C69BC41179
                                                              SHA-512:52A1E635DC78CEB8132697D3A41F919D7566DBBF2041E73F95C4F195D591D1B117654FC7CC6E9C77DDF53780C877A8D1FD09F55E1B216610ED1F73651904C182
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.657 1e5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-02:54:59.658 1e5c Recovering log #3.2024/09/05-02:54:59.660 1e5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.3886039372934488
                                                              Encrypted:false
                                                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):80
                                                              Entropy (8bit):3.4921535629071894
                                                              Encrypted:false
                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):428
                                                              Entropy (8bit):5.2351150726051445
                                                              Encrypted:false
                                                              SSDEEP:12:PwfQ+vLZYebvqBZFUt82bGKW/+20QV54ZYebvqBaJ:4f5lYebvyg8KGKFSoYebvL
                                                              MD5:72CA0ECD1039F03CFD3230D49679D9D8
                                                              SHA1:954010AB126D7877239209EF7917E3C4D51430FD
                                                              SHA-256:5C4255747B875FE7045723C5783424E798A3924AE305394FDC0399DBD0A23F95
                                                              SHA-512:B7CA0FEB0A0CFA8F8C20DF69E2548B814323382DB8892EF9B9CE3A096621B8D8B0EB94F951C17A32434745A4AD147C21A543B1FDDCD030799095C76D6B8344DB
                                                              Malicious:false
                                                              Preview:2024/09/05-02:55:18.725 1e5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-02:55:18.726 1e5c Recovering log #3.2024/09/05-02:55:18.729 1e5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):334
                                                              Entropy (8bit):5.256412447554069
                                                              Encrypted:false
                                                              SSDEEP:6:PQVEqM+q2PcNwi23oH+TcwtpIFUt82Q3pZZmw+2Q3pMMVkwOcNwi23oH+Tcwta/o:PMEqM+vLZYebmFUt82Sz/+2SOMV54ZYM
                                                              MD5:9B7D5D09272D3EB4435756DF558D974B
                                                              SHA1:356246A18A545E3B20F67AD54BFDD44F01887440
                                                              SHA-256:9398F1ADF6F97F7F10E20FC9A68DD3A853AABEF00D45D47D25C85CCA224E3BDE
                                                              SHA-512:19DA1895B7708ADE4364FD4569061AAD55D517A272E7C0DBB46BA705F7A67062B2B7F93B5FFFF375FC6C5698917AB95176CEF0D817694DCCF5B65563290386A6
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:58.713 1d8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-02:54:58.714 1d8c Recovering log #3.2024/09/05-02:54:58.714 1d8c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):131072
                                                              Entropy (8bit):0.005582420312713277
                                                              Encrypted:false
                                                              SSDEEP:3:ImtVYDitl8Bll/lSl/l8xll:IiVYmsB/A8j
                                                              MD5:910C554F99B0412B0C12708C006F73A2
                                                              SHA1:C07D5E1F89743DF057DD5881814C360EAF9DE3D3
                                                              SHA-256:8AF9B181CAAD01830D6764AA78B34F777EA007ACF88B0F3B4CDDAEDFBDE02F9A
                                                              SHA-512:81F15B8D59F427D92EBD8C61E8EB7331A27F82EAB89DEEB9EDF48CBE615E9A2A7B8CE05082D5D960DFDF408430216EC8C7910C57B3DAB099F1BC29E0DC511958
                                                              Malicious:false
                                                              Preview:VLnk.....?......[.}..'Z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.2653083257485114
                                                              Encrypted:false
                                                              SSDEEP:768:K0q+n0JI9ELyKOMq+8HKkjuczRv89Cll:KInkLIRj7zR0cll
                                                              MD5:B4F841AE69CCECCA25FEC3CE30518E56
                                                              SHA1:DC05E002C9819EB450C398425DE1A6D7F00B6209
                                                              SHA-256:F1E7D4A2E974E3161A5C8695DADF7680181E07A705DBB309CC35B24EADC6E8E6
                                                              SHA-512:E7B1E6F0EB0552662644812473A907F955CEA29F7A564020FFC5D7D7CE7E5F107649039CBACB4A3B23B21F4B4082A8D84D2B1BC93D46E25BD58E162A3F34F14A
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                              Category:dropped
                                                              Size (bytes):14336
                                                              Entropy (8bit):1.4182204641879237
                                                              Encrypted:false
                                                              SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgZ2RyZebdg8RJr2RyZebdg4xj/:ftSjGhp22iSZIebbAIeb1
                                                              MD5:5056B83F71C6B0E55E9E26E74380297A
                                                              SHA1:38A47A3E71CA6003AFEA4BE04898C2746BEA333C
                                                              SHA-256:CA0569B4D027028B2FEB7D4475C4F49B601624DDFBEC7B24403DD6B99232D284
                                                              SHA-512:A51E7F69CD3ED86FCAD0D7D6A0420941E479A736B6D3553F14161C4C62994BD58DB1E5FB3B27A8A1A1AD7A6654E208F14FDE5696C876AA74615A504399044A3B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.41235120905181716
                                                              Encrypted:false
                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):10326
                                                              Entropy (8bit):5.210339013686023
                                                              Encrypted:false
                                                              SSDEEP:192:stikdbsPZyaNPpYMKUgkq3i8rbV+FZaQAS3PLYJ:sticsPZtJp3KUEbG8Q9I
                                                              MD5:41D98D4F0A30E912937AD2CBB079684B
                                                              SHA1:A833D74D2058B5CC3D7EC75F6B493981F5E0774E
                                                              SHA-256:7D9D81633937CDCE225CB7DDBEF678F5288741929DF3DA8BB68DCF59CBC77B44
                                                              SHA-512:D619E83C47790CC24CD3EC19A281787E7E0B6E651E9475EE5F8DD106845469717AEFD2CFB0F4DFACBB1A0F0311EAB36A6790DC835826863C24C8EBAB9BC32C87
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369992899268215","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11755
                                                              Entropy (8bit):5.190465908239046
                                                              Encrypted:false
                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                              Malicious:false
                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):10326
                                                              Entropy (8bit):5.210161644139102
                                                              Encrypted:false
                                                              SSDEEP:192:stikdbsPZyaNPpYMKUgkq3i8rbV+FZaQAz3PLYJ:sticsPZtJp3KUEbG8QII
                                                              MD5:78E36412867B6BEC9AB84615DEF9222B
                                                              SHA1:ABD990D3489B782840065BD5674ACF3E202314E1
                                                              SHA-256:0BA807A19672503F7738C26757561D491B8BD5F81E00FD83DEC19FFF69E6B8F2
                                                              SHA-512:FC7C528955A376AC9735A062A15743423DEF099F2A50A62A464CFB687E4FDB166F8DFDB1D6F2C8AF79DF9DC8F4116EC44C7F5E1DBA2B51F77A4D8E4AB47AA6C0
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369992899268215","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):9568
                                                              Entropy (8bit):5.113757853071757
                                                              Encrypted:false
                                                              SSDEEP:192:stikdbsPZyaNP9kq3i8rbV+FZaQAuYPLYJ:sticsPZtJxbG8Q7
                                                              MD5:B0BE1770915B26B0072A84EF39311ED2
                                                              SHA1:D9692FD6C2D83C49677BB4EF7283A001F72E657E
                                                              SHA-256:367A0F161883FB0C6039480B90089849D864C24B6A1C693568D404B4867E252B
                                                              SHA-512:3C15A4737BBB61E9C2FB2AE2E468AE815C0FC671051861F01A6785AE6710ED996EC86476271100F440DD5402242D5B9104C8970A0FEF0C05AA904EAB4139AB33
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369992899268215","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24853
                                                              Entropy (8bit):5.565789516350033
                                                              Encrypted:false
                                                              SSDEEP:768:cghmKJWPTnfx08F1+UoAYDCx9Tuqh0VfUC9xbog/OVpg6I7rwwpHtuW:cghmKJWPTnfx0u1jaQ5IQctJ
                                                              MD5:CDAB96A038DDBA01FAB637E922D46920
                                                              SHA1:04D37CC9B7D8D876FE1665B8864130B8E0909B32
                                                              SHA-256:BC12E63CF7E3AAFAA0FAA20CBF5D4749D18322339AF5963A70FDFBB59D0A2F8D
                                                              SHA-512:59E7C0387702320ECF46450640E6CA8F26B3CA92E9E14F9CBF764191476B4BB95E8B2A4862C95115BF7968DD747E3ED0FC9195A1649E374FC7FD96E4FD5D88E8
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369992898712068","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369992898712068","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.3410017321959524
                                                              Encrypted:false
                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):30244
                                                              Entropy (8bit):5.5664798080310876
                                                              Encrypted:false
                                                              SSDEEP:768:cghm1T7pLGLvsJWPTnf608F1+UoAYDCx9Tuqh0VfUC9xbog/OVaX+g6I7rwQpHt/:cghm1FcvsJWPTnf60u1jaHX+5IQ8t/
                                                              MD5:33BA74B4482E7C1DC35E11668E1EBD14
                                                              SHA1:7E4B9CF19DD5235FE199A8A90DD37CA85E47ADBB
                                                              SHA-256:30AAB82864458B1F3D07D5EA9566480A094CFFD850892E81244E213693DCF98E
                                                              SHA-512:146CA398D6F345249352D26B0C4031F4F02D55DB134DA2793F7D1D287970AB818DC49BB08F58E0309B80FD09CA36C5BF3C4E9BFE86067251EFEAFDDF4684FAF6
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369992898712068","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369992898712068","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.11599036706365512
                                                              Encrypted:false
                                                              SSDEEP:12:WtftAApEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtftLoPnnnnnnnnnnnnnnnvN3zd
                                                              MD5:1C08C991E7837480551442F5A0EF995D
                                                              SHA1:26D640F6888E1F3D43EA18DC1108D4749A8F7604
                                                              SHA-256:F633F5F4FA0B656D2463FCEB42C0DE06907C364ED3A4114618F0B68F5E07028E
                                                              SHA-512:49F08759D35C4ED4BDA7F67BBA5A264BD437A6A703495BD09B12527A1A21077158D28CF8C08FFC4EEBCA7965E368174714E1BD73D3EEBF92B5C14BA3C425E3E8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                              Category:dropped
                                                              Size (bytes):383192
                                                              Entropy (8bit):1.0822261008396108
                                                              Encrypted:false
                                                              SSDEEP:192:r9ZBTb0JMBHQAy78M7M809SOH5vUQS+qvx1SJzqvG7SKdzqvsKS2BKdzqvFSzzJL:hH1y78MQmO4UeUHzkw+2s1f3rGJISN
                                                              MD5:1B82095AE5C7A3B2324A42A375903D30
                                                              SHA1:4175CCC717F65CCF3D45012C01A4D0FBA1A9ED54
                                                              SHA-256:FD4EC6E956DD1904D824A7C59A67EFA724BD69602C25E389FF1A6C3E07F2837F
                                                              SHA-512:D112C7A28E3CA78A44ECB2F70F27F275468BD16177DCBFBF48F536C6C4FFE8F0FA0BE21A6B00EAA31DB2C0C1354CB8F301F684759F4FA88436CEBEEE62A45E16
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):514
                                                              Entropy (8bit):3.5664400555998137
                                                              Encrypted:false
                                                              SSDEEP:6:/XntM+dl3sedhOmOuuuuuuuuuuuua+KsedhOjOsEEEE:llc8BOuuuuuuuuuuuuaG8er
                                                              MD5:9F07CBC87373D15FBD5870E6DD06BD63
                                                              SHA1:8D96F40028B3AEF23D3BB5F0ABFB966768FD8A53
                                                              SHA-256:0A4DBAE35C4012A69CD38A85E2E5003C3928716EAF1211A0328FC5F15116643A
                                                              SHA-512:0CFF00F5EE9B67337D0A3B747FA2C831BA834DC8C1D0D48501BC11641BC7A199AB1FAAC5F78EDF4ABC82D0ECC8EEE0AC12D543E8684E28A694C300BAC42D1261
                                                              Malicious:false
                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=................(..0................39_config..........6.....n ...1V.e................V.e................V.e................V.e................V.e................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):330
                                                              Entropy (8bit):5.27030023442329
                                                              Encrypted:false
                                                              SSDEEP:6:PZN9+q2PcNwi23oH+TcwtfrK+IFUt82VaJZmw+2bQN9VkwOcNwi23oH+TcwtfrUQ:PUvLZYeb23FUt82VE/+2bQF54ZYeb3J
                                                              MD5:DAB451FAC4C0AAD0D635136B4F182CD5
                                                              SHA1:DD03EFA7C93BF12581EDF01E5F53F648D0D71718
                                                              SHA-256:222C989551A9B3E361BE55C455BB69665411460707728163BEAD6024374B3EC5
                                                              SHA-512:ACC8DB1486DAC1EC9D826892FC28F777B2A39A7E35E2C3CBCF1632512A2E4DFA35E2B258F3C7E440B22058A6163125ED57DE703D5DD668128247ED003EDB7C5C
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.368 1d88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/05-02:54:59.369 1d88 Recovering log #3.2024/09/05-02:54:59.370 1d88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):782
                                                              Entropy (8bit):4.049291162962452
                                                              Encrypted:false
                                                              SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                              MD5:FDF465758A7489458B387EB41C7D42B0
                                                              SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                              SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                              SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                              Malicious:false
                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):348
                                                              Entropy (8bit):5.251543998002447
                                                              Encrypted:false
                                                              SSDEEP:6:PyF9+q2PcNwi23oH+TcwtfrzAdIFUt82JDJZmw+2JD9VkwOcNwi23oH+TcwtfrzS:P/vLZYeb9FUt82JF/+2JX54ZYeb2J
                                                              MD5:F528C5D6E880AE1E0C4571B20E698516
                                                              SHA1:A2BC0E872A53C486A105036DF37725AE5C93A293
                                                              SHA-256:7ACD9C99FA86BE6F40A27772008E7FE540F87901DD79D4959D5E27AFA66E3D83
                                                              SHA-512:76DCB667DD81230EF6918D53D72C3C6BEAADC5CE709A050AE511A5FCEF662DE533289758D942A4BD1BB2B36876F4C2F33F1DB77A72C4ED93FCCE0CCD5E18B088
                                                              Malicious:false
                                                              Preview:2024/09/05-02:54:59.321 1d88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/05-02:54:59.366 1d88 Recovering log #3.2024/09/05-02:54:59.366 1d88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):120
                                                              Entropy (8bit):3.32524464792714
                                                              Encrypted:false
                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                              Malicious:false
                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):13
                                                              Entropy (8bit):2.7192945256669794
                                                              Encrypted:false
                                                              SSDEEP:3:NYLFRQI:ap2I
                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                              Malicious:false
                                                              Preview:117.0.2045.47
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):56066
                                                              Entropy (8bit):6.103085784744966
                                                              Encrypted:false
                                                              SSDEEP:1536:z/Ps+wsI7yn8PGWv/sxtwA7VLyMV/YoskFoz:z/0+zI7yn4v/4KSVeZoskG
                                                              MD5:4DCF8C5AC391BFB7C672C9307FC1E57F
                                                              SHA1:EC0E8847F4D79652E9CA23B020AE827756D2A77D
                                                              SHA-256:FEFDC05D9ACF946BFAFA024EAB309DC195B5DDD91F37B86201B3E423B84F16AD
                                                              SHA-512:718D3599D746F59C800273DF0732EF8EAB685D4361AFC46A283D79A487CF05A9455E32E83FECC565DD9AD938A818744922399F9A3782BD5612F5529E95120D05
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5963118027796015
                                                              Encrypted:false
                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):47
                                                              Entropy (8bit):4.3818353308528755
                                                              Encrypted:false
                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                              MD5:48324111147DECC23AC222A361873FC5
                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                              Malicious:false
                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):35
                                                              Entropy (8bit):4.014438730983427
                                                              Encrypted:false
                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                              Malicious:false
                                                              Preview:{"forceServiceDetermination":false}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):50
                                                              Entropy (8bit):3.9904355005135823
                                                              Encrypted:false
                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                              Malicious:false
                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):575056
                                                              Entropy (8bit):7.999649474060713
                                                              Encrypted:true
                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):86
                                                              Entropy (8bit):4.3751917412896075
                                                              Encrypted:false
                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                              MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                              SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                              SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                              SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                              Malicious:false
                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):58943
                                                              Entropy (8bit):6.100355728077463
                                                              Encrypted:false
                                                              SSDEEP:1536:mMGQ5XMBGakIiPGWv/sxtwmbj59+FFoK7VLyMV/YosA:mMrJM8tTv/4Ke9+LbVeZosA
                                                              MD5:799FCA3C3E638BAD07005111AD7B96DB
                                                              SHA1:E05E17096AAA5753D6A2826DD14A1D29948C1C60
                                                              SHA-256:91F39AB2CCAB2E7CF8568B69907F4BFC7753D517EB59CE9181FCABC9EE631641
                                                              SHA-512:9050D9AEA8B3C91C0D4265DE5CCB8E3BED1D45D429B91C5838A029F167EF4ACED23B0763D49851FE21901DD0BD4E78BFA442263F3FFBC0749DFB18425E87169D
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2278
                                                              Entropy (8bit):3.8416716535185857
                                                              Encrypted:false
                                                              SSDEEP:48:uiTrlKxrgxIxl9Il8ufwM1kltIaSXU4LkM7nd1rc:m1YKMitIad4LkMU
                                                              MD5:E8B6C3AD9A9B824B5C9CDD319A7790F0
                                                              SHA1:0C00B8429311D41F600D140402F15AF9DC0E5826
                                                              SHA-256:EBC4A2F65057B9614EDA21112689B6987AADA69AE4F3EA9BA05F1342188E85C3
                                                              SHA-512:F9650341FDB50CD25D2046C4AE696C639432D7CFBB8B352DF01EC71A9A3D115687BB5C38FA462179490F6FC5439BAED0FE2E58B37059E8FE7C35D00220278ECA
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.M.9./.6.W.j./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.6.+.w.I.o.Q.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4622
                                                              Entropy (8bit):3.9964422403328363
                                                              Encrypted:false
                                                              SSDEEP:96:Y0YfRANQKFRb9Lc3DgIfVg7JOanzJX+/6URfl/sVuG9U:Y0TNQkRb9Lczgguz51UJl/+uG6
                                                              MD5:6E0FD93B34A058A6A373E2BA4914CC49
                                                              SHA1:F62D701D6F1F47E5B9B72AA5582A37273C31BA09
                                                              SHA-256:FDA341BE562B051D238122DBEDD5FDCCD233698EDF5E19D1D2E931BBBD7D1D45
                                                              SHA-512:19CAF0CE4E2F7B6A819C23D82633332A5144B359AA5723A2AAC0FD9A46587AC7BFCCBD82A2D4356695F05EFD4B0D05FD683D6F2D084AF76EC6DC37B98FDA45EB
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".r.I.F.g.z.2.D./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.A.4.K.R.k.g.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                              Category:dropped
                                                              Size (bytes):76326
                                                              Entropy (8bit):7.9961120748813075
                                                              Encrypted:true
                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                              MD5:01E352D35675990A139199DD86B38AAC
                                                              SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                              SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                              SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                              Category:dropped
                                                              Size (bytes):206855
                                                              Entropy (8bit):7.983996634657522
                                                              Encrypted:false
                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 693860
                                                              Category:dropped
                                                              Size (bytes):524768
                                                              Entropy (8bit):7.9981381891778724
                                                              Encrypted:true
                                                              SSDEEP:12288:CMeMmz8fmcGDwmyu0bCD7g5jz/H9mf+x4AsLXZ+E70G8OlmP6:53mz8eAmx12jzPO+x4AsLXZbx8OJ
                                                              MD5:F20FFF1CEB13A3E90622B469182AA125
                                                              SHA1:5362FC4CBB7557934CAEF43643216BEA1E786076
                                                              SHA-256:8407AAD102C6B0DE05CCE9148200654C14E05E3E3E1A05657A7E23AFB29F4808
                                                              SHA-512:29AD0D4D7E5B2D404F30D494DBF7C2D491E15E516241D685D597FB183FF7B95B0C6D94B24EED926B081277ABD8E6E74FCA3EF124D8728CE61226959F431DEAC3
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1420
                                                              Entropy (8bit):5.409872580127338
                                                              Encrypted:false
                                                              SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0Ryt9UvA5KVE50RVk5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5m
                                                              MD5:0808B0BCCB5683305F94669AADC32DB1
                                                              SHA1:8706DFA6691323F273A9888EE717F1EF3E1A8A61
                                                              SHA-256:45867F95901285ED0DD0A567CAD6747058F7258B10060B533BEA809071161E2F
                                                              SHA-512:43C9F561A9CB76B4C44552AF8FA048C064950A4146A083E2E6248FCAD489E317B0240998F7125D6431AD62F0250DC648886C4A9AAC76A3D6B4E149709B20A46A
                                                              Malicious:false
                                                              Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.4593089050301797
                                                              Encrypted:false
                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                              Malicious:false
                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                              Category:dropped
                                                              Size (bytes):4982
                                                              Entropy (8bit):7.929761711048726
                                                              Encrypted:false
                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):908
                                                              Entropy (8bit):4.512512697156616
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1285
                                                              Entropy (8bit):4.702209356847184
                                                              Encrypted:false
                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1244
                                                              Entropy (8bit):4.5533961615623735
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.867640976960053
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3107
                                                              Entropy (8bit):3.535189746470889
                                                              Encrypted:false
                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1389
                                                              Entropy (8bit):4.561317517930672
                                                              Encrypted:false
                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1763
                                                              Entropy (8bit):4.25392954144533
                                                              Encrypted:false
                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):930
                                                              Entropy (8bit):4.569672473374877
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):913
                                                              Entropy (8bit):4.947221919047
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):806
                                                              Entropy (8bit):4.815663786215102
                                                              Encrypted:false
                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):883
                                                              Entropy (8bit):4.5096240460083905
                                                              Encrypted:false
                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1031
                                                              Entropy (8bit):4.621865814402898
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1613
                                                              Entropy (8bit):4.618182455684241
                                                              Encrypted:false
                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):848
                                                              Entropy (8bit):4.494568170878587
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1425
                                                              Entropy (8bit):4.461560329690825
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                              Malicious:false
                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):961
                                                              Entropy (8bit):4.537633413451255
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):959
                                                              Entropy (8bit):4.570019855018913
                                                              Encrypted:false
                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):968
                                                              Entropy (8bit):4.633956349931516
                                                              Encrypted:false
                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):838
                                                              Entropy (8bit):4.4975520913636595
                                                              Encrypted:false
                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1305
                                                              Entropy (8bit):4.673517697192589
                                                              Encrypted:false
                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):911
                                                              Entropy (8bit):4.6294343834070935
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):939
                                                              Entropy (8bit):4.451724169062555
                                                              Encrypted:false
                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.622066056638277
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):972
                                                              Entropy (8bit):4.621319511196614
                                                              Encrypted:false
                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):990
                                                              Entropy (8bit):4.497202347098541
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1658
                                                              Entropy (8bit):4.294833932445159
                                                              Encrypted:false
                                                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1672
                                                              Entropy (8bit):4.314484457325167
                                                              Encrypted:false
                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):935
                                                              Entropy (8bit):4.6369398601609735
                                                              Encrypted:false
                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1065
                                                              Entropy (8bit):4.816501737523951
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2771
                                                              Entropy (8bit):3.7629875118570055
                                                              Encrypted:false
                                                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):858
                                                              Entropy (8bit):4.474411340525479
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                              MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                              SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                              SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                              SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):954
                                                              Entropy (8bit):4.631887382471946
                                                              Encrypted:false
                                                              SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                              MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                              SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                              SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                              SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):899
                                                              Entropy (8bit):4.474743599345443
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                              MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                              SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                              SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                              SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2230
                                                              Entropy (8bit):3.8239097369647634
                                                              Encrypted:false
                                                              SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                              MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                              SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                              SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                              SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1160
                                                              Entropy (8bit):5.292894989863142
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                              MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                              SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                              SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                              SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3264
                                                              Entropy (8bit):3.586016059431306
                                                              Encrypted:false
                                                              SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                              MD5:83F81D30913DC4344573D7A58BD20D85
                                                              SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                              SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                              SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3235
                                                              Entropy (8bit):3.6081439490236464
                                                              Encrypted:false
                                                              SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                              MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                              SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                              SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                              SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3122
                                                              Entropy (8bit):3.891443295908904
                                                              Encrypted:false
                                                              SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                              MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                              SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                              SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                              SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1880
                                                              Entropy (8bit):4.295185867329351
                                                              Encrypted:false
                                                              SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                              MD5:8E16966E815C3C274EEB8492B1EA6648
                                                              SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                              SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                              SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1042
                                                              Entropy (8bit):5.3945675025513955
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                              MD5:F3E59EEEB007144EA26306C20E04C292
                                                              SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                              SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                              SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2535
                                                              Entropy (8bit):3.8479764584971368
                                                              Encrypted:false
                                                              SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                              MD5:E20D6C27840B406555E2F5091B118FC5
                                                              SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                              SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                              SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1028
                                                              Entropy (8bit):4.797571191712988
                                                              Encrypted:false
                                                              SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                              MD5:970544AB4622701FFDF66DC556847652
                                                              SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                              SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                              SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):994
                                                              Entropy (8bit):4.700308832360794
                                                              Encrypted:false
                                                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                              MD5:A568A58817375590007D1B8ABCAEBF82
                                                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2091
                                                              Entropy (8bit):4.358252286391144
                                                              Encrypted:false
                                                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2778
                                                              Entropy (8bit):3.595196082412897
                                                              Encrypted:false
                                                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1719
                                                              Entropy (8bit):4.287702203591075
                                                              Encrypted:false
                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):936
                                                              Entropy (8bit):4.457879437756106
                                                              Encrypted:false
                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3830
                                                              Entropy (8bit):3.5483353063347587
                                                              Encrypted:false
                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                              MD5:342335A22F1886B8BC92008597326B24
                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1898
                                                              Entropy (8bit):4.187050294267571
                                                              Encrypted:false
                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.513485418448461
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):878
                                                              Entropy (8bit):4.4541485835627475
                                                              Encrypted:false
                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2766
                                                              Entropy (8bit):3.839730779948262
                                                              Encrypted:false
                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):978
                                                              Entropy (8bit):4.879137540019932
                                                              Encrypted:false
                                                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):907
                                                              Entropy (8bit):4.599411354657937
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.604761241355716
                                                              Encrypted:false
                                                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                              MD5:0963F2F3641A62A78B02825F6FA3941C
                                                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):937
                                                              Entropy (8bit):4.686555713975264
                                                              Encrypted:false
                                                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                              MD5:BED8332AB788098D276B448EC2B33351
                                                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1337
                                                              Entropy (8bit):4.69531415794894
                                                              Encrypted:false
                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2846
                                                              Entropy (8bit):3.7416822879702547
                                                              Encrypted:false
                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):934
                                                              Entropy (8bit):4.882122893545996
                                                              Encrypted:false
                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):963
                                                              Entropy (8bit):4.6041913416245
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1320
                                                              Entropy (8bit):4.569671329405572
                                                              Encrypted:false
                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):884
                                                              Entropy (8bit):4.627108704340797
                                                              Encrypted:false
                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):980
                                                              Entropy (8bit):4.50673686618174
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                              MD5:D0579209686889E079D87C23817EDDD5
                                                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1941
                                                              Entropy (8bit):4.132139619026436
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1969
                                                              Entropy (8bit):4.327258153043599
                                                              Encrypted:false
                                                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1674
                                                              Entropy (8bit):4.343724179386811
                                                              Encrypted:false
                                                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                              MD5:64077E3D186E585A8BEA86FF415AA19D
                                                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1063
                                                              Entropy (8bit):4.853399816115876
                                                              Encrypted:false
                                                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                              MD5:76B59AAACC7B469792694CF3855D3F4C
                                                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1333
                                                              Entropy (8bit):4.686760246306605
                                                              Encrypted:false
                                                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                              MD5:970963C25C2CEF16BB6F60952E103105
                                                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1263
                                                              Entropy (8bit):4.861856182762435
                                                              Encrypted:false
                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1074
                                                              Entropy (8bit):5.062722522759407
                                                              Encrypted:false
                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):879
                                                              Entropy (8bit):5.7905809868505544
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1205
                                                              Entropy (8bit):4.50367724745418
                                                              Encrypted:false
                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):843
                                                              Entropy (8bit):5.76581227215314
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):912
                                                              Entropy (8bit):4.65963951143349
                                                              Encrypted:false
                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):11280
                                                              Entropy (8bit):5.754230909218899
                                                              Encrypted:false
                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                              Malicious:false
                                                              Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):854
                                                              Entropy (8bit):4.284628987131403
                                                              Encrypted:false
                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                              Malicious:false
                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2525
                                                              Entropy (8bit):5.417689528134667
                                                              Encrypted:false
                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                              Malicious:false
                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:HTML document, ASCII text
                                                              Category:dropped
                                                              Size (bytes):97
                                                              Entropy (8bit):4.862433271815736
                                                              Encrypted:false
                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                              Malicious:false
                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):95567
                                                              Entropy (8bit):5.4016395763198135
                                                              Encrypted:false
                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291
                                                              Entropy (8bit):4.65176400421739
                                                              Encrypted:false
                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                              Malicious:false
                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):103988
                                                              Entropy (8bit):5.389407461078688
                                                              Encrypted:false
                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1753
                                                              Entropy (8bit):5.8889033066924155
                                                              Encrypted:false
                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                              Malicious:false
                                                              Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):9815
                                                              Entropy (8bit):6.1716321262973315
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):10388
                                                              Entropy (8bit):6.174387413738973
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):962
                                                              Entropy (8bit):5.698567446030411
                                                              Encrypted:false
                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                              Malicious:false
                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                              Category:dropped
                                                              Size (bytes):453023
                                                              Entropy (8bit):7.997718157581587
                                                              Encrypted:true
                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                              MD5:85430BAED3398695717B0263807CF97C
                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                              Malicious:false
                                                              Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):4514
                                                              Entropy (8bit):4.9403547304466215
                                                              Encrypted:false
                                                              SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLNc8P:8S+Oc+UAOdwiOdKeQjDLNc8P
                                                              MD5:9ACF83192A83CA96C0125934894C1961
                                                              SHA1:40FED152EF7FD8A2D5DB45A9DCD255ACF5F51E2E
                                                              SHA-256:D930B3778614C41FB19B98E8690A7BDDC21921027DC036BC2054CCC4A698B9BA
                                                              SHA-512:B19923E303B23300BE8AF34BA94F017AF038EAF883474A416D6722D714238199D20616ACBEDC325551B5E814FB8CC1A53B2F3C0D024FF4E5C0EF0DFB492C18DD
                                                              Malicious:false
                                                              Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                              Category:dropped
                                                              Size (bytes):5318
                                                              Entropy (8bit):6.62067557672702
                                                              Encrypted:false
                                                              SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
                                                              MD5:A0DD0256A122A64D1C1A98C36F89F368
                                                              SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
                                                              SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
                                                              SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
                                                              Malicious:false
                                                              Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):262144
                                                              Entropy (8bit):0.04905141882491872
                                                              Encrypted:false
                                                              SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                              MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                              SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                              SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                              SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.186376962556299
                                                              Encrypted:false
                                                              SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
                                                              MD5:C2A8F76D683C9F86054CA7775732A180
                                                              SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
                                                              SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
                                                              SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.017262956703125623
                                                              Encrypted:false
                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1021904
                                                              Entropy (8bit):6.648417932394748
                                                              Encrypted:false
                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: file.exe, Detection: malicious, Browse
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1021904
                                                              Entropy (8bit):6.648417932394748
                                                              Encrypted:false
                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: file.exe, Detection: malicious
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):116
                                                              Entropy (8bit):4.968220104601006
                                                              Encrypted:false
                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                              Malicious:false
                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.035569227318798996
                                                              Encrypted:false
                                                              SSDEEP:3:GtlstFpQJ9EQ/GD1ottlstFpQJ9EQ/GDt/x89//alEl:GtWts0TettWts0TX89XuM
                                                              MD5:04A770D8284D3289CA33B54AD8A38636
                                                              SHA1:91A281489F3F27E99EC6111FBC01FDA5221F8F7F
                                                              SHA-256:4B95349F4310BB56C4857FA4CFB1AB8B53816C11C5A926649B532D242EB74ABE
                                                              SHA-512:2AB5217746EA1AD486147F90671C5918D91819B064282CB8818EC5D10887E9D277261F6B56E1AA43F8A937FDFA50D02636A198F51B092ABD1BE798045E735043
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                              Category:dropped
                                                              Size (bytes):32824
                                                              Entropy (8bit):0.03980958033799518
                                                              Encrypted:false
                                                              SSDEEP:3:Ol1B3CAy3uwQoxQwl8rEXsxdwhml8XW3R2:KnSfxDl8dMhm93w
                                                              MD5:273A14A5A1EBA751064944A62CBAB2AC
                                                              SHA1:DE51A437471BC55ADEDF46E485895C748418AC2A
                                                              SHA-256:52EC5260C9F03DA3E2EEF17CE05169368485EE83129DF4B390AD39E76ED47130
                                                              SHA-512:4D24EB75B274CF1B3F3F0EB1D0B4AD6EA563B7DF22A576B3AB815232B3316503437760CC9EF25E29430225F992FB158F8E25453A869A854A7B9A0DFDF923FC01
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                              Category:modified
                                                              Size (bytes):13214
                                                              Entropy (8bit):5.4777699277209715
                                                              Encrypted:false
                                                              SSDEEP:192:lNnSRkyYbBp6uqUCaX96V4OQNdn5RHNBw8dKnSl:+eFqUMSB5Pw70
                                                              MD5:5A07FD22F5576846A2FCFB0C84EE428A
                                                              SHA1:26AB75EF26C23D7C89F535B8AF09D7E4F0771C6B
                                                              SHA-256:A91CA6CAAC9A8F9C8445EC3F7B580304387870BD920B39DE9B9C27DBD3C9835D
                                                              SHA-512:66589A2C64E37CE0896298C61D6ED3BA07DC2AD322CAE7ED6001D0CCEA321263E9A23DB6FF63E05EADC98B54558269E02FDBD8451AA309ADD8607948E0DC2D49
                                                              Malicious:false
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725525327);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725525327);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1725525327);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172552
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):13214
                                                              Entropy (8bit):5.4777699277209715
                                                              Encrypted:false
                                                              SSDEEP:192:lNnSRkyYbBp6uqUCaX96V4OQNdn5RHNBw8dKnSl:+eFqUMSB5Pw70
                                                              MD5:5A07FD22F5576846A2FCFB0C84EE428A
                                                              SHA1:26AB75EF26C23D7C89F535B8AF09D7E4F0771C6B
                                                              SHA-256:A91CA6CAAC9A8F9C8445EC3F7B580304387870BD920B39DE9B9C27DBD3C9835D
                                                              SHA-512:66589A2C64E37CE0896298C61D6ED3BA07DC2AD322CAE7ED6001D0CCEA321263E9A23DB6FF63E05EADC98B54558269E02FDBD8451AA309ADD8607948E0DC2D49
                                                              Malicious:false
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725525327);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725525327);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1725525327);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172552
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):65536
                                                              Entropy (8bit):0.04062825861060003
                                                              Encrypted:false
                                                              SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                              MD5:60C09456D6362C6FBED48C69AA342C3C
                                                              SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                              SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                              SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):90
                                                              Entropy (8bit):4.194538242412464
                                                              Encrypted:false
                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                              Malicious:false
                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 5952 bytes
                                                              Category:dropped
                                                              Size (bytes):1583
                                                              Entropy (8bit):6.3225636519436685
                                                              Encrypted:false
                                                              SSDEEP:24:vIKSUGu5kLZ82/FLXHeU7DAu3maT5sp8wHVVPNZ0ejhWjCBoy5cU0mifdsWrad:wKpR5SZzeU7NdMtZ0e2nd5ad
                                                              MD5:96CEC219D5C1B57B9F2D42423A630626
                                                              SHA1:8DB6E8387A8F0B860B0F08994D436430E3122754
                                                              SHA-256:65004ED239FE1148673612B927955482AF1498298C535CD319111A369E8BE5B2
                                                              SHA-512:F56A4C6836229146CA738F8D83B23A5D4229AE07E32F2BA7381854EAB68BAAFB34557A75A936C4C034B3D5671A29A688630319D2315BFF458A10B9DFF30F267B
                                                              Malicious:false
                                                              Preview:mozLz40.@.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":6,"docshellUU...D"{ea4dcedb-f429-4e19-87cd-2e93fd3f615d}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1725525353069,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace:...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...W...l...........:....1":{..iUpdate...70,"startTim..`297368...centCrash..B0},".....Dcook1. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,..Donly..fex
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):4096
                                                              Entropy (8bit):2.0836444556178684
                                                              Encrypted:false
                                                              SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                              MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                              SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                              SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                              SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):4537
                                                              Entropy (8bit):5.037071259097187
                                                              Encrypted:false
                                                              SSDEEP:48:YrSAYuJeUQZpExB1+anO8e6WCVhhOjVkWAYzzc8rYMsku7f86SLAVL7J5FtsfAct:ycQ+TEr5ZwoIhzzcHvbw6Kkdrc2Rn27
                                                              MD5:38C17CBD54C5EB22DA7B319116AE59F8
                                                              SHA1:1C34C96EDAC30C992021C4912C93D67959A41C47
                                                              SHA-256:7C1A4E02F74D1B7B224F140F4F8806805837DBE64EDDF3948CD0F5F401994515
                                                              SHA-512:7D3DE2D13CDB87FF463012311AC0281E6191929D266672F54F1FEBB06EED12727ED2646FBE1D5E4DA401F3F338958982E1DB068DCA5D1A35E8B2D56285EF10EF
                                                              Malicious:false
                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-09-05T08:35:16.350Z","profileAgeCreated":1696491685971,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):6.579602559012774
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:file.exe
                                                              File size:917'504 bytes
                                                              MD5:72ed55d2571582a907985c027302a559
                                                              SHA1:c2b160d36eb714c0642689a9721e0276213307a4
                                                              SHA256:60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779
                                                              SHA512:78f4967b8ff741275d6eabb265a87310cf3b708f467624ed8ea2a046a4197256e4e3d28450f4ac26dce396c9961f7ab466bd959470df7037e4a350203ce5d263
                                                              SSDEEP:12288:iqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTH:iqDEvCTbMWu7rQYlBQcBiT6rprG8avH
                                                              TLSH:A6159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                              Icon Hash:aaf3e3e3938382a0
                                                              Entrypoint:0x420577
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x66D94ADC [Thu Sep 5 06:08:28 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:5
                                                              OS Version Minor:1
                                                              File Version Major:5
                                                              File Version Minor:1
                                                              Subsystem Version Major:5
                                                              Subsystem Version Minor:1
                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                              Instruction
                                                              call 00007F96F4917B83h
                                                              jmp 00007F96F491748Fh
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007F96F491766Dh
                                                              mov dword ptr [esi], 0049FDF0h
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                              mov dword ptr [ecx], 0049FDF0h
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007F96F491763Ah
                                                              mov dword ptr [esi], 0049FE0Ch
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                              mov dword ptr [ecx], 0049FE0Ch
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              and dword ptr [eax], 00000000h
                                                              and dword ptr [eax+04h], 00000000h
                                                              push eax
                                                              mov eax, dword ptr [ebp+08h]
                                                              add eax, 04h
                                                              push eax
                                                              call 00007F96F491A22Dh
                                                              pop ecx
                                                              pop ecx
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              lea eax, dword ptr [ecx+04h]
                                                              mov dword ptr [ecx], 0049FDD0h
                                                              push eax
                                                              call 00007F96F491A278h
                                                              pop ecx
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              push eax
                                                              call 00007F96F491A261h
                                                              test byte ptr [ebp+08h], 00000001h
                                                              pop ecx
                                                              Programming Language:
                                                              • [ C ] VS2008 SP1 build 30729
                                                              • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x9500 | 0x9600 | ebcc33f940abf9ea6216faf2d8d8736c | False | 0.28106770833333333 | data | 5.161262025323488 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548 |
| RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Sep 5, 2024 08:55:05.571993113 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:05.572056055 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:05.572479963 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:05.572540045 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:05.572626114 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:05.575700045 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:05.575710058 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:05.575869083 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:05.575900078 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:05.589097023 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:05.589138985 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:05.589200020 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:05.589684010 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:05.589704990 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.037256002 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.037734985 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.037743092 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.038917065 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.038979053 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.039839983 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.039901018 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.040039062 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.040046930 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.060340881 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.064233065 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.078825951 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:06.078845978 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.079066992 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.079101086 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.079927921 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.079993010 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:06.080271959 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.080332994 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.081008911 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:06.081084967 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.081176996 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:06.081186056 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.082025051 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.082108021 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.082154989 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.124118090 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:06.128489971 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.168382883 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.168586016 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.168756008 CEST49726443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.168761969 CEST44349726172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.190459967 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.190522909 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.191941023 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:06.192012072 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.192147970 CEST49728443192.168.2.7162.159.61.3
                                                              Sep 5, 2024 08:55:06.192162991 CEST44349728162.159.61.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.193651915 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.193818092 CEST49727443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.193834066 CEST44349727172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.354408979 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:06.354439020 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:06.354558945 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:06.356318951 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:06.356331110 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:06.624917984 CEST49677443192.168.2.720.50.201.200
                                                              Sep 5, 2024 08:55:06.837869883 CEST49731443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.837910891 CEST44349731172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.838160038 CEST49732443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.838206053 CEST44349732172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.839205980 CEST49731443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.839276075 CEST49732443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.839391947 CEST49732443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.839410067 CEST44349732172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.839550018 CEST49731443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.839560986 CEST44349731172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.851883888 CEST49733443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.851897955 CEST44349733172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.852063894 CEST49734443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.852070093 CEST44349734172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.852195978 CEST49734443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.852195978 CEST49733443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.852380037 CEST49734443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.852392912 CEST44349734172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.852504969 CEST49733443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.852514982 CEST44349733172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.924837112 CEST49735443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.924894094 CEST44349735172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.924993992 CEST49736443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.925003052 CEST44349736172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.932362080 CEST49735443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.932362080 CEST49736443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.940938950 CEST49736443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.940972090 CEST44349736172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:06.941034079 CEST49735443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:06.941047907 CEST44349735172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.398895025 CEST49731443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.398914099 CEST49732443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.398957968 CEST49733443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.399007082 CEST49734443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.399010897 CEST49735443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.399054050 CEST49736443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.399961948 CEST49737443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.399996996 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.400141954 CEST49738443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.400150061 CEST44349738172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.400275946 CEST49739443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.400310040 CEST44349739172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.400479078 CEST49740443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.400490999 CEST44349740172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.401880026 CEST49737443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402101994 CEST49739443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402143955 CEST49738443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402143955 CEST49740443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402379990 CEST49738443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402396917 CEST44349738172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.402549982 CEST49737443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402565002 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.402654886 CEST49740443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402667046 CEST44349740172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.402725935 CEST49739443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.402745962 CEST44349739172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.440505981 CEST44349734172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.440506935 CEST44349733172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.444492102 CEST44349736172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.444500923 CEST44349735172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.444504023 CEST44349731172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.444508076 CEST44349732172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.714775085 CEST49741443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.714816093 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.715543985 CEST49742443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.715554953 CEST44349742172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.716022968 CEST49741443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.716259003 CEST49741443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.716259003 CEST49742443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.716279030 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.716362953 CEST49742443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.716377020 CEST44349742172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.962496042 CEST44349732172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.962620020 CEST44349732172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.963469028 CEST49732443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.963557005 CEST49732443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.963686943 CEST44349734172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.963746071 CEST44349731172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.963756084 CEST49734443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.963882923 CEST44349731172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.964658976 CEST44349733172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.964714050 CEST49731443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.964714050 CEST49731443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.964858055 CEST44349733172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:07.966953039 CEST49733443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.966953039 CEST49733443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:07.967902899 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:07.972502947 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:07.972753048 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:07.972903967 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:08.001843929 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:08.001849890 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:08.002306938 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:08.073213100 CEST49743443192.168.2.7142.250.72.110
                                                              Sep 5, 2024 08:55:08.073246956 CEST44349743142.250.72.110192.168.2.7
                                                              Sep 5, 2024 08:55:08.087064981 CEST49743443192.168.2.7142.250.72.110
                                                              Sep 5, 2024 08:55:08.089448929 CEST49743443192.168.2.7142.250.72.110
                                                              Sep 5, 2024 08:55:08.089462996 CEST44349743142.250.72.110192.168.2.7
                                                              Sep 5, 2024 08:55:08.106286049 CEST49744443192.168.2.7152.195.19.97
                                                              Sep 5, 2024 08:55:08.106316090 CEST44349744152.195.19.97192.168.2.7
                                                              Sep 5, 2024 08:55:08.117446899 CEST49744443192.168.2.7152.195.19.97
                                                              Sep 5, 2024 08:55:08.118185043 CEST49744443192.168.2.7152.195.19.97
                                                              Sep 5, 2024 08:55:08.118197918 CEST44349744152.195.19.97192.168.2.7
                                                              Sep 5, 2024 08:55:08.119076014 CEST49746443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:08.119118929 CEST4434974613.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:08.132838011 CEST49746443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:08.133869886 CEST49746443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:08.133882999 CEST4434974613.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:08.186908007 CEST49747443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:08.186940908 CEST44349747142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:08.187014103 CEST49748443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:08.187046051 CEST44349748142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:08.192173958 CEST49747443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:08.192183018 CEST49748443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:08.192557096 CEST49748443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:08.192574024 CEST44349748142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:08.192696095 CEST49747443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:08.192711115 CEST44349747142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:08.212507963 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:08.214548111 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:08.258862972 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:08.304493904 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:08.414762974 CEST44349735172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.414880991 CEST44349735172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.417234898 CEST49735443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.417238951 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.417262077 CEST49735443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.417303085 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.424880028 CEST44349736172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.425029993 CEST44349736172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.428814888 CEST44349742172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.432224035 CEST49736443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.432240009 CEST49736443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.437606096 CEST44349740172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.441894054 CEST44349738172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.442003965 CEST49741443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.442018032 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.442127943 CEST49737443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.442141056 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.443058014 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.443279982 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.443979979 CEST49742443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.443989992 CEST44349742172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.444118023 CEST49741443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.444134951 CEST49737443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.445060968 CEST44349742172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.447165966 CEST49742443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.447793961 CEST44349739172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.448916912 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:08.448971033 CEST44349730184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:08.449467897 CEST49730443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:08.457122087 CEST49737443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.457220078 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.457416058 CEST49741443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:08.457488060 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:08.457587957 CEST49738443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.255917072 CEST49746443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.256176949 CEST4434974613.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.256325960 CEST4434974613.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.256499052 CEST44349749184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:10.256584883 CEST49746443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.256823063 CEST49746443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.264780998 CEST49746443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.264791965 CEST4434974613.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.417319059 CEST804975534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:10.434695959 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.439779043 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.439796925 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.440174103 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.440475941 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.440560102 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.440658092 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.441454887 CEST4434975235.190.72.216192.168.2.7
                                                              Sep 5, 2024 08:55:10.441468000 CEST4434975235.190.72.216192.168.2.7
                                                              Sep 5, 2024 08:55:10.441521883 CEST49752443192.168.2.735.190.72.216
                                                              Sep 5, 2024 08:55:10.449040890 CEST49752443192.168.2.735.190.72.216
                                                              Sep 5, 2024 08:55:10.449054003 CEST4434975235.190.72.216192.168.2.7
                                                              Sep 5, 2024 08:55:10.449161053 CEST49752443192.168.2.735.190.72.216
                                                              Sep 5, 2024 08:55:10.449199915 CEST4434975235.190.72.216192.168.2.7
                                                              Sep 5, 2024 08:55:10.449301958 CEST49752443192.168.2.735.190.72.216
                                                              Sep 5, 2024 08:55:10.478679895 CEST49760443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.478703976 CEST44349760172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.479322910 CEST49761443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.479337931 CEST44349761172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.480581045 CEST44349757142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.481177092 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.482637882 CEST49760443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.482636929 CEST49761443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.482825041 CEST49761443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.482837915 CEST44349761172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.482975960 CEST49760443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.482986927 CEST44349760172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.483079910 CEST49757443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.483104944 CEST44349757142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.483275890 CEST44349749184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:10.483374119 CEST44349749184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:10.483535051 CEST49749443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:10.483545065 CEST44349757142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.483556986 CEST44349757142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.483858109 CEST49756443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.483871937 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.484105110 CEST49757443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.484277010 CEST44349757142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.484292030 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.484302998 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.484500885 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.485016108 CEST49757443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.485169888 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.485230923 CEST49756443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.485243082 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.485407114 CEST49757443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.485471964 CEST44349757142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.485585928 CEST49756443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.485690117 CEST49749443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:10.485706091 CEST44349749184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:10.485716105 CEST49749443192.168.2.7184.28.90.27
                                                              Sep 5, 2024 08:55:10.485721111 CEST44349749184.28.90.27192.168.2.7
                                                              Sep 5, 2024 08:55:10.485743999 CEST49756443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.485821962 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.497296095 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.499459028 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.499469042 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.499871969 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.499882936 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.499912024 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.500190973 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.500200987 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.500447989 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.500665903 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.501691103 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.501766920 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.501857996 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.533586979 CEST49757443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.533591032 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.533591986 CEST49756443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.533591032 CEST4975580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:10.533602953 CEST44349756142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.533607960 CEST44349757142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:10.536072016 CEST49762443192.168.2.752.183.220.149
                                                              Sep 5, 2024 08:55:10.536097050 CEST4434976252.183.220.149192.168.2.7
                                                              Sep 5, 2024 08:55:10.545598030 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.545629025 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.545638084 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.545655966 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.545664072 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.545675993 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.548271894 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.548286915 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.548290014 CEST49762443192.168.2.752.183.220.149
                                                              Sep 5, 2024 08:55:10.548496008 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.549154043 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.549587965 CEST49762443192.168.2.752.183.220.149
                                                              Sep 5, 2024 08:55:10.549606085 CEST4434976252.183.220.149192.168.2.7
                                                              Sep 5, 2024 08:55:10.601576090 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.601610899 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.601886988 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.601923943 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.601948023 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.601975918 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.601999044 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.602469921 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.604048014 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.606559038 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.606581926 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.606591940 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.606626034 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.608387947 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.608609915 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.608616114 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.633750916 CEST49756443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.633856058 CEST49757443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:10.642839909 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.642849922 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.642889977 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.642921925 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.645256996 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.645267963 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.645292997 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.645318031 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.646060944 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.646703005 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.646713018 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.647468090 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.692384958 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.692418098 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.692441940 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.692466974 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.692559958 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.692581892 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.693079948 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.693571091 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.693634033 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.693660975 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.693686962 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.693711042 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.693831921 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.694051027 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.694061041 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.694295883 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.694400072 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.694406986 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.694439888 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.694463968 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.694642067 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.694648981 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.694927931 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.695502996 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.695651054 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.695681095 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.695852041 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.695882082 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.695889950 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.696235895 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.696242094 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.696573019 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.696578026 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.728123903 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.728143930 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.728179932 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.729041100 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.729126930 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.731336117 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.731574059 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.732374907 CEST49750443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:55:10.732393980 CEST4434975013.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:55:10.736602068 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.737060070 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.737078905 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.746793032 CEST44349758142.250.64.68192.168.2.7
                                                              Sep 5, 2024 08:55:10.747303963 CEST49758443192.168.2.7142.250.64.68
                                                              Sep 5, 2024 08:55:10.747315884 CEST44349758142.250.64.68192.168.2.7
                                                              Sep 5, 2024 08:55:10.748353004 CEST44349758142.250.64.68192.168.2.7
                                                              Sep 5, 2024 08:55:10.748445034 CEST49758443192.168.2.7142.250.64.68
                                                              Sep 5, 2024 08:55:10.749984026 CEST49758443192.168.2.7142.250.64.68
                                                              Sep 5, 2024 08:55:10.750045061 CEST44349758142.250.64.68192.168.2.7
                                                              Sep 5, 2024 08:55:10.750214100 CEST49758443192.168.2.7142.250.64.68
                                                              Sep 5, 2024 08:55:10.783164024 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783200026 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783224106 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783246994 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783272982 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783299923 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783324003 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783349991 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783375978 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783400059 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783422947 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783448935 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783476114 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783512115 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783540964 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.783564091 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.785744905 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.785891056 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.786062002 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.786084890 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.792503119 CEST44349758142.250.64.68192.168.2.7
                                                              Sep 5, 2024 08:55:10.796385050 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.796416044 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796550035 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:10.796588898 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796608925 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796624899 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796643019 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796658993 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796686888 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796700954 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796715975 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796737909 CEST44349751142.251.40.129192.168.2.7
                                                              Sep 5, 2024 08:55:10.796766043 CEST49751443192.168.2.7142.251.40.129
                                                              Sep 5, 2024 08:55:14.578815937 CEST49781443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.578830957 CEST4434978140.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.585429907 CEST49781443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.585437059 CEST4434978140.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.585468054 CEST49781443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.585478067 CEST4434978140.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.662281990 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.662750006 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.662764072 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.663346052 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.663352013 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.663369894 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.663381100 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.863138914 CEST4434978140.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.863296986 CEST4434978140.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.865556955 CEST49781443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.866080999 CEST49781443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.866101027 CEST4434978140.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:14.866111994 CEST49781443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:14.866117001 CEST4434978140.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:16.926114082 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:16.930927992 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:17.020241976 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:17.074069023 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:17.942612886 CEST49785443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:17.942645073 CEST4434978534.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:17.942723989 CEST49785443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:17.944170952 CEST49785443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:17.944184065 CEST4434978534.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:18.399312019 CEST4434978534.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:18.399385929 CEST49785443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:18.404373884 CEST49785443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:18.404388905 CEST4434978534.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:18.404462099 CEST49785443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:18.404541969 CEST4434978534.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:18.404670954 CEST49785443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:18.504127979 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:18.508898020 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:18.510804892 CEST49786443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:18.510849953 CEST4434978634.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:18.511075020 CEST49786443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:18.512429953 CEST49786443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:18.512451887 CEST4434978634.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:18.551970005 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:18.552017927 CEST4434978735.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:18.552135944 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:18.552295923 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:18.552313089 CEST4434978735.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:18.598789930 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:18.658495903 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:18.989717960 CEST4434978634.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:18.989794016 CEST49786443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:18.993180990 CEST49786443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:18.993191957 CEST4434978634.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:18.993257999 CEST49786443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:18.993344069 CEST4434978634.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:18.993444920 CEST49786443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.005189896 CEST4434978735.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:19.005354881 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:19.008073092 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:19.008079052 CEST4434978735.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:19.008291960 CEST4434978735.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:19.010998011 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:19.011069059 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:19.011131048 CEST4434978735.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:19.011266947 CEST49787443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:19.157114983 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:19.161967039 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:19.251390934 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:19.296134949 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:19.404783010 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:19.409713984 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:19.414362907 CEST49788443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.414396048 CEST4434978834.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:19.414613008 CEST49788443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.415923119 CEST49788443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.415941000 CEST4434978834.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:19.499401093 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:19.544688940 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:19.636569023 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:19.641530037 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:19.727091074 CEST49789443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:19.727132082 CEST4434978934.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:19.727240086 CEST49789443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:19.728600025 CEST49789443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:19.728615046 CEST4434978934.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:19.730937958 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:19.775881052 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:19.875042915 CEST4434978834.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:19.875130892 CEST49788443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.948354959 CEST49788443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.948379993 CEST4434978834.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:19.948445082 CEST49788443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.948606968 CEST4434978834.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:19.948663950 CEST49788443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:19.977751017 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:19.982677937 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:20.018906116 CEST49790443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:20.018943071 CEST4434979034.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:20.020504951 CEST49790443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:20.073215008 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:20.114504099 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:20.197117090 CEST4434978934.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:20.197237015 CEST49789443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:20.520032883 CEST49790443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:20.520055056 CEST4434979034.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:20.985383987 CEST4434979034.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:20.985457897 CEST49790443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:21.702667952 CEST49789443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:21.702702045 CEST4434978934.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:21.702778101 CEST49789443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:21.703005075 CEST4434978934.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:21.703380108 CEST49791443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:21.703418016 CEST4434979134.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:21.706062078 CEST49790443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:21.706084013 CEST4434979034.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:21.706150055 CEST49790443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:21.706259012 CEST49789443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:21.706300020 CEST49791443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:21.706407070 CEST4434979034.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:21.707581043 CEST49791443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:21.707596064 CEST4434979134.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:21.707653999 CEST49790443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:21.711122036 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:21.756299973 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:21.966089010 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:22.055974960 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:22.228874922 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.228889942 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.228899956 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.228946924 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.228970051 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.228984118 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.229038954 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:22.229060888 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.229296923 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:22.233522892 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.452435017 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.452538967 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.452611923 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:22.452639103 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.452652931 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:22.452652931 CEST49782443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:22.452662945 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.452670097 CEST4434978240.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:22.453979969 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.453991890 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.457978010 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:22.462770939 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.505271912 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:22.552139044 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.605556011 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:22.708353043 CEST4434979134.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:22.715048075 CEST49791443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:22.719795942 CEST49791443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:22.719809055 CEST4434979134.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:22.719891071 CEST49791443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:22.719938993 CEST4434979134.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:22.730204105 CEST49791443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:22.852961063 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:22.857748985 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.934922934 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:22.934951067 CEST4434979234.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:22.935067892 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:22.935211897 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:22.935220957 CEST4434979234.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:22.947226048 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:22.950201988 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:22.955133915 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:23.000962973 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:23.019916058 CEST49793443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:23.019951105 CEST4434979340.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:23.020106077 CEST49793443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:23.020267963 CEST49793443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:23.020281076 CEST4434979340.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:23.046669960 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:23.093936920 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:23.327547073 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.327651024 CEST44349741172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.328330040 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.328404903 CEST44349737172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.329916954 CEST49741443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:23.330014944 CEST49737443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:23.336054087 CEST44349742172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.336116076 CEST44349742172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.336180925 CEST49742443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:23.344347954 CEST44349740172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.344403028 CEST44349740172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.344466925 CEST49740443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:23.348195076 CEST44349738172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.348248959 CEST44349738172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.348330975 CEST49738443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:23.353269100 CEST44349739172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.353338957 CEST44349739172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:23.353528023 CEST49739443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:23.400665045 CEST4434979234.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:23.400732994 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:23.403409958 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:23.403414011 CEST4434979234.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:23.403646946 CEST4434979234.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:23.405909061 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:23.406012058 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:23.406044006 CEST4434979234.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:23.407567978 CEST49792443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:23.599287987 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:23.604103088 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:23.606353998 CEST49794443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:23.606395960 CEST4434979434.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:23.606765032 CEST49795443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:23.606801987 CEST4434979534.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:23.608575106 CEST49795443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:23.608578920 CEST49794443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:23.608752012 CEST49794443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:23.608764887 CEST4434979434.120.208.123192.168.2.7
                                                              Sep 5, 2024 08:55:23.608850002 CEST49795443192.168.2.734.120.208.123
                                                              Sep 5, 2024 08:55:33.280354977 CEST4434981135.201.103.21192.168.2.7
                                                              Sep 5, 2024 08:55:33.280409098 CEST49811443192.168.2.735.201.103.21
                                                              Sep 5, 2024 08:55:33.280519962 CEST4434981135.201.103.21192.168.2.7
                                                              Sep 5, 2024 08:55:33.280919075 CEST49811443192.168.2.735.201.103.21
                                                              Sep 5, 2024 08:55:33.284142017 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.284168959 CEST4434981334.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:33.284266949 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.284373045 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.284384012 CEST4434981334.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:33.322088957 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.327474117 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.332513094 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.374178886 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.401987076 CEST4434980440.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.402015924 CEST4434980440.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.402046919 CEST4434980440.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.402092934 CEST49804443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:33.402103901 CEST4434980440.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.402343988 CEST4434980440.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.402836084 CEST49804443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:33.403038025 CEST49804443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:33.403055906 CEST4434980440.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.403065920 CEST49804443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:33.403072119 CEST4434980440.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.421802044 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.474472046 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.496450901 CEST4434980952.222.236.48192.168.2.7
                                                              Sep 5, 2024 08:55:33.496535063 CEST49809443192.168.2.752.222.236.48
                                                              Sep 5, 2024 08:55:33.499846935 CEST49809443192.168.2.752.222.236.48
                                                              Sep 5, 2024 08:55:33.499856949 CEST4434980952.222.236.48192.168.2.7
                                                              Sep 5, 2024 08:55:33.500133991 CEST4434980952.222.236.48192.168.2.7
                                                              Sep 5, 2024 08:55:33.502932072 CEST49809443192.168.2.752.222.236.48
                                                              Sep 5, 2024 08:55:33.503053904 CEST49809443192.168.2.752.222.236.48
                                                              Sep 5, 2024 08:55:33.503079891 CEST4434980952.222.236.48192.168.2.7
                                                              Sep 5, 2024 08:55:33.503216028 CEST49809443192.168.2.752.222.236.48
                                                              Sep 5, 2024 08:55:33.512101889 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.512125015 CEST4434981435.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.512574911 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.512707949 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.512723923 CEST4434981435.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.513999939 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.514024019 CEST4434981535.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.514324903 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.514446020 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.514456987 CEST4434981535.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.515775919 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.515791893 CEST4434981635.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.516813993 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.516817093 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.516889095 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.516897917 CEST4434981635.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.521776915 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.528078079 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:33.528088093 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.528212070 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:33.528387070 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:33.528397083 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:33.611562967 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.614171028 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.619868994 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.652878046 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.724193096 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.766076088 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.773576021 CEST4434981334.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:33.773648977 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.776824951 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.776830912 CEST4434981334.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:33.777051926 CEST4434981334.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:33.779279947 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.779387951 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.779437065 CEST4434981334.149.100.209192.168.2.7
                                                              Sep 5, 2024 08:55:33.781887054 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.781902075 CEST49813443192.168.2.734.149.100.209
                                                              Sep 5, 2024 08:55:33.782403946 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.787303925 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.853579044 CEST4434981240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:33.853648901 CEST49812443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:33.854873896 CEST49812443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:33.854880095 CEST4434981240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:33.855123043 CEST4434981240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:33.877521992 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.880189896 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.885020971 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.906874895 CEST49812443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:33.922497988 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.962755919 CEST49812443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:33.962804079 CEST4434981240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:33.963038921 CEST4434981240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:33.963227034 CEST49812443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:33.963239908 CEST49812443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:33.971235037 CEST4434981635.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.971349001 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.973906994 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.973912954 CEST4434981635.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.974142075 CEST4434981635.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.974364042 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.975780010 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.975919962 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.975923061 CEST4434981635.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.976448059 CEST4434981535.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.979265928 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:33.980504036 CEST4434981535.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.984052896 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:33.991676092 CEST49816443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.991676092 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.994239092 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.994244099 CEST4434981535.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.994477034 CEST4434981535.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:33.996524096 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.996606112 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:33.996670961 CEST4434981535.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:34.002175093 CEST4434981435.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:34.007205963 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.007235050 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.007236958 CEST49815443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.010274887 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.010297060 CEST4434981435.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:34.010550976 CEST4434981435.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:34.018428087 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.018520117 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.018666029 CEST4434981435.244.181.201192.168.2.7
                                                              Sep 5, 2024 08:55:34.022239923 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.022257090 CEST49814443192.168.2.735.244.181.201
                                                              Sep 5, 2024 08:55:34.022800922 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:34.055313110 CEST49819443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:34.055337906 CEST4434981940.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:34.064012051 CEST49819443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:34.064487934 CEST49819443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:34.064496994 CEST4434981940.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:34.073975086 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:34.077090025 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:34.081882954 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:34.123069048 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:34.170994997 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:34.223347902 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:34.324074984 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:34.327116013 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:34.327145100 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:34.504543066 CEST49821443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:34.504580021 CEST4434982134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:34.504914045 CEST49821443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:34.506418943 CEST49821443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:34.506433964 CEST4434982134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:34.513926029 CEST49819443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:34.578864098 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:34.578896999 CEST4434982240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:34.579128981 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:34.579407930 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:34.579416037 CEST4434982240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:34.801484108 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:34.801506996 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:34.801522017 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:34.801531076 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:34.962392092 CEST4434982134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:34.962706089 CEST49821443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:34.967242002 CEST49821443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:34.967242002 CEST49821443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:34.967257023 CEST4434982134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:34.967422962 CEST4434982134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:55:34.967477083 CEST49821443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:55:34.969881058 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:34.974754095 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:35.064218044 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:35.067619085 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:35.072602987 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:35.109070063 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:35.209990978 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:35.256247044 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:35.318869114 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:35.318895102 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:35.318938017 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:35.318963051 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:35.318989038 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:35.319005966 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:35.319382906 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:35.319397926 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:35.319406986 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:35.319510937 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:35.319538116 CEST4434981740.126.32.68192.168.2.7
                                                              Sep 5, 2024 08:55:35.319891930 CEST49817443192.168.2.740.126.32.68
                                                              Sep 5, 2024 08:55:35.383878946 CEST4434982240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:35.383954048 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:35.385097980 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:35.385107994 CEST4434982240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:35.385371923 CEST4434982240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:35.425601006 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:35.854104042 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:35.854211092 CEST4434982240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:35.854439020 CEST4434982240.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:35.854677916 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:35.854695082 CEST49822443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:36.140165091 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:36.140213013 CEST4434982440.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:36.142911911 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:36.143457890 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:36.143474102 CEST4434982440.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:36.902339935 CEST4434982440.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:36.902415991 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:36.903616905 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:36.903630018 CEST4434982440.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:36.903886080 CEST4434982440.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:36.951251030 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:37.013164043 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:37.013223886 CEST4434982440.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:37.013355017 CEST4434982440.127.240.158192.168.2.7
                                                              Sep 5, 2024 08:55:37.013365984 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:37.013473034 CEST49824443192.168.2.740.127.240.158
                                                              Sep 5, 2024 08:55:45.082103968 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:45.087198973 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:45.213715076 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:55:45.218544960 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:55:51.610160112 CEST49825443192.168.2.713.85.23.86
                                                              Sep 5, 2024 08:55:51.610208988 CEST4434982513.85.23.86192.168.2.7
                                                              Sep 5, 2024 08:55:51.610305071 CEST49825443192.168.2.713.85.23.86
                                                              Sep 5, 2024 08:55:51.610671043 CEST49825443192.168.2.713.85.23.86
                                                              Sep 5, 2024 08:56:12.641191006 CEST49839443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:56:12.641237974 CEST49839443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:56:12.673760891 CEST49839443192.168.2.713.107.246.40
                                                              Sep 5, 2024 08:56:12.673784018 CEST4434983913.107.246.40192.168.2.7
                                                              Sep 5, 2024 08:56:14.073507071 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:14.078399897 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:14.174690962 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:14.179485083 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:18.834815025 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:18.839627028 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:18.929342985 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:18.943540096 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:18.948354006 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:18.977993965 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:19.037679911 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:19.078679085 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:28.953773022 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:28.959192991 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:29.054378033 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:29.059608936 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:36.933764935 CEST49841443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:56:36.933795929 CEST4434984134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:56:36.934014082 CEST49841443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:56:36.935508966 CEST49841443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:56:36.935524940 CEST4434984134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:56:37.394006014 CEST4434984134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:56:37.401799917 CEST49841443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:56:37.405891895 CEST49841443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:56:37.405906916 CEST4434984134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:56:37.406004906 CEST49841443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:56:37.406033039 CEST4434984134.107.243.93192.168.2.7
                                                              Sep 5, 2024 08:56:37.407027006 CEST49841443192.168.2.734.107.243.93
                                                              Sep 5, 2024 08:56:37.409250975 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:37.414191008 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:37.504000902 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:37.525273085 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:37.530083895 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:37.562835932 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:37.619528055 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:37.669068098 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:47.525475979 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:47.530378103 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:47.636456013 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:47.641424894 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:57.541785955 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:57.546649933 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:56:57.662853003 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:56:57.667716980 CEST804977534.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:57:07.564351082 CEST4978080192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:57:07.569396973 CEST804978034.107.221.82192.168.2.7
                                                              Sep 5, 2024 08:57:07.688803911 CEST4977580192.168.2.734.107.221.82
                                                              Sep 5, 2024 08:57:07.693648100 CEST804977534.107.221.82192.168.2.7
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                              Sep 5, 2024 08:55:10.927185059 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.927325964 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.927459002 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.927602053 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:10.938353062 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.939735889 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.940053940 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.940152884 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.940521955 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:10.940661907 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:11.033464909 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.033523083 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.033533096 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.033540964 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.034497023 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.035273075 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.035553932 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.060401917 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:11.060499907 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:11.060645103 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:11.144216061 CEST4982753192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.150938034 CEST53498271.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.153934002 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.246313095 CEST5098853192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.254705906 CEST53509881.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.257149935 CEST5453853192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.339231014 CEST4925653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.346155882 CEST53492561.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.380326033 CEST5182153192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.386776924 CEST44362614172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:55:11.388360023 CEST53518211.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.404059887 CEST62614443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:55:11.409564972 CEST6525753192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.410232067 CEST6021653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.417184114 CEST53652571.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.417208910 CEST53602161.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.424549103 CEST5849653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.424850941 CEST5978953192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.431090117 CEST53584961.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.431653023 CEST53597891.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.499990940 CEST5266953192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.506721973 CEST53526691.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.514919043 CEST5578653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.521608114 CEST53557861.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:11.523595095 CEST6146853192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:11.530703068 CEST53614681.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:15.169414997 CEST6178353192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:15.177509069 CEST53617831.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:15.178220034 CEST5966353192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:15.185152054 CEST53596631.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:15.185713053 CEST5054453192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:15.192450047 CEST53505441.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:16.470956087 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:16.471004963 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:16.570035934 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:16.605936050 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:16.629318953 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:16.629344940 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:16.629683018 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:16.668420076 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:16.751368046 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:17.462131977 CEST6094253192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:17.488298893 CEST53620991.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:17.867392063 CEST5820553192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:17.874547958 CEST53582051.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:17.875648022 CEST5406453192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:17.882268906 CEST53540641.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:17.883066893 CEST5851053192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:17.890356064 CEST53585101.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:18.511030912 CEST6235953192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:18.517704964 CEST53623591.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:18.522001982 CEST5200653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:18.529479027 CEST53520061.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:18.541898012 CEST6393753192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:18.549751043 CEST53639371.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:19.718540907 CEST6493253192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:19.725409985 CEST53649321.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:19.727406025 CEST5436653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:19.734110117 CEST53543661.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:19.734893084 CEST6146653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:19.742254019 CEST53614661.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:23.609119892 CEST5968253192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:23.615351915 CEST5826853192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:23.616055965 CEST53596821.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:23.622113943 CEST53582681.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:32.744982958 CEST5053553192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:32.748430014 CEST5374653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:32.751629114 CEST53505351.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:32.755279064 CEST53537461.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:32.761493921 CEST5848653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:32.768990040 CEST53584861.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:32.769740105 CEST5815653192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:32.777110100 CEST53581561.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:32.781481028 CEST6073553192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:32.788902998 CEST53607351.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:32.813868046 CEST6099053192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:32.821528912 CEST53609901.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:32.825613022 CEST5696853192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:32.832256079 CEST53569681.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:34.504858017 CEST5536353192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:34.512065887 CEST53553631.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:38.175383091 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:38.288955927 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:38.288968086 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:38.290404081 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:38.319181919 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:38.410478115 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:38.534789085 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:38.645003080 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:38.645291090 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:38.645665884 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:38.681567907 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:38.766520023 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:39.843946934 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:39.954732895 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:39.954971075 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:39.955326080 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:39.994944096 CEST58723443192.168.2.7142.250.80.78
                                                              Sep 5, 2024 08:55:40.075562954 CEST44358723142.250.80.78192.168.2.7
                                                              Sep 5, 2024 08:55:56.413436890 CEST6489953192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:56.420764923 CEST53648991.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:56.421964884 CEST6021153192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:55:56.428514957 CEST53602111.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:55:56.916754961 CEST5782453192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:56:01.197770119 CEST138138192.168.2.7192.168.2.255
                                                              Sep 5, 2024 08:56:01.620503902 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:01.620631933 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:01.620822906 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:01.620892048 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.095596075 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.098138094 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.098185062 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.128765106 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.193758965 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.193780899 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.193821907 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.193830967 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.197987080 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.198059082 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.293694973 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.296827078 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.395869017 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.396286964 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.396794081 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:02.398421049 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:02.705193996 CEST5200853192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:56:02.712097883 CEST53520081.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:56:04.597611904 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:04.597724915 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:04.694875002 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:04.695652008 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:04.698376894 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:04.698998928 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:04.700145960 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.009891033 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.164577007 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.179169893 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.179182053 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.179193020 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.179208040 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.181476116 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.181814909 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.184696913 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.184813976 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.284136057 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.284147978 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.284372091 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.284380913 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:05.284504890 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.284784079 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:05.382924080 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:09.476035118 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:09.476152897 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:09.572664976 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:09.573231936 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:09.573347092 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:09.583549976 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:09.584453106 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:09.584593058 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:10.049469948 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.049495935 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.049504995 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.061789989 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:10.061866045 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:10.062150955 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:10.072974920 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.162492037 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.162789106 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.178563118 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:10.212994099 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.213006020 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.213015079 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:10.214927912 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:10.215061903 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:10.215641975 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:10.215727091 CEST62484443192.168.2.7172.253.63.84
                                                              Sep 5, 2024 08:56:10.311122894 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:10.311578035 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:10.312136889 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:10.316833973 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:10.340820074 CEST44362484172.253.63.84192.168.2.7
                                                              Sep 5, 2024 08:56:11.610591888 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:11.610702038 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:11.707112074 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:11.708463907 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:11.708551884 CEST44356693172.64.41.3192.168.2.7
                                                              Sep 5, 2024 08:56:11.715857983 CEST56693443192.168.2.7172.64.41.3
                                                              Sep 5, 2024 08:56:12.978560925 CEST6139253192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:56:25.285377026 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:25.311328888 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:25.870760918 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:25.900414944 CEST53498443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:56:35.283723116 CEST4435349823.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:56:36.922061920 CEST6082853192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:56:36.928703070 CEST53608281.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:56:36.932400942 CEST6401553192.168.2.71.1.1.1
                                                              Sep 5, 2024 08:56:36.939656973 CEST53640151.1.1.1192.168.2.7
                                                              Sep 5, 2024 08:57:04.657656908 CEST50594443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:57:05.159842968 CEST4435059423.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:57:05.159858942 CEST4435059423.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:57:05.162736893 CEST50594443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:57:05.286216974 CEST4435059423.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:57:05.317862988 CEST4435059423.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:57:05.317908049 CEST4435059423.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:57:05.317915916 CEST4435059423.44.201.7192.168.2.7
                                                              Sep 5, 2024 08:57:05.318289042 CEST50594443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:57:05.345002890 CEST50594443192.168.2.723.44.201.7
                                                              Sep 5, 2024 08:57:05.413187981 CEST4435059423.44.201.7192.168.2.7
                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.7 | 49755 | 34.107.221.82 | 80 | 4888 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 5, 2024 08:55:09.960105896 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:10.417319059 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                              Age: 25800
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.7 | 49766 | 34.107.221.82 | 80 | 4888 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 5, 2024 08:55:11.351296902 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:11.790889025 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                              Age: 44605
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.7 | 49767 | 34.107.221.82 | 80 | 4888 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 5, 2024 08:55:11.395051956 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:11.840970993 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80776
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.7 | 49775 | 34.107.221.82 | 80 | 4888 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 5, 2024 08:55:12.570465088 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:13.011452913 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74267
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:14.126813889 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:14.221035957 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74269
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:16.926114082 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:17.020241976 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74271
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:19.157114983 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:19.251390934 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74274
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:19.636569023 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:19.730937958 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74274
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:21.711122036 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:21.966089010 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:22.453979969 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74277
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:22.457978010 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:22.552139044 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74277
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:22.950201988 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:23.046669960 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74278
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:23.703522921 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:23.797492981 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74278
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:24.287166119 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:24.381388903 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74279
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:26.283395052 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:26.377609015 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74281
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:27.086435080 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:27.188266993 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74282
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:33.327474117 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:33.421802044 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74288
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:33.614171028 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:33.724193096 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74288
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:33.880189896 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:33.974364042 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74288
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:34.077090025 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:34.170994997 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74289
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:35.067619085 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:35.209990978 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74290
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:55:45.213715076 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:55:55.228879929 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:55:57.020935059 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:55:57.115293026 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74312
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:56:03.356862068 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:56:03.451000929 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74318
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:56:03.983357906 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:56:04.078068018 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74319
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:56:14.174690962 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:56:18.943540096 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:56:19.037679911 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74333
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:56:29.054378033 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:56:37.525273085 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 5, 2024 08:56:37.619528055 CEST | 216 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 10:17:25 GMT
                                                              Age: 74352
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 5, 2024 08:56:47.636456013 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:56:57.662853003 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:57:07.688803911 CEST | 6 | OUT | Data Raw: 00
                                                              Data Ascii:


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.7 | 49780 | 34.107.221.82 | 80 | 4888 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 5, 2024 08:55:13.536818027 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:13.984324932 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80778
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:14.131180048 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:14.225298882 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80779
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:18.504127979 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:18.598789930 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80783
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:19.404783010 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:19.499401093 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80784
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:19.977751017 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:20.073215008 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80785
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:21.756299973 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:22.055974960 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:22.453991890 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80787
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:22.852961063 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:22.947226048 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80787
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:23.599287987 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:23.694030046 CEST | 298 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80788
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:24.189511061 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:24.283895016 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80789
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:26.054261923 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:26.149099112 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80791
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:26.914174080 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:27.009053946 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80791
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:33.227665901 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:33.322088957 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80798
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:33.516813993 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:33.611562967 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80798
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:33.782403946 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:33.877521992 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80798
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:33.979265928 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:34.073975086 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80799
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:34.969881058 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:35.064218044 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80800
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:55:45.082103968 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:55:55.087719917 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:55:56.916501999 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:55:57.012357950 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80821
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:56:03.228255987 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:56:03.322550058 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80828
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:56:03.883960009 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:56:03.978471041 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80828
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:56:14.073507071 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:56:18.834815025 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:56:18.929342985 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80843
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:56:28.953773022 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:56:37.409250975 CEST  303  OUT  GET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 5, 2024 08:56:37.504000902 CEST  298  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Wed, 04 Sep 2024 08:28:55 GMT
                                                              Age: 80862
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 5, 2024 08:56:47.525475979 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:56:57.541785955 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:
                                                              Sep 5, 2024 08:57:07.564351082 CEST  6  OUT  Data Raw: 00
                                                              Data Ascii:


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              0  192.168.2.7  49703  94.245.104.56  443  7652  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              2024-09-05 06:55:01 UTC  428  OUT  GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                              Host: api.edgeoffer.microsoft.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:01 UTC  584  IN  HTTP/1.1 200 OK
                                                              Content-Length: 0
                                                              Connection: close
                                                              Content-Type: application/x-protobuf; charset=utf-8
                                                              Date: Thu, 05 Sep 2024 06:55:00 GMT
                                                              Server: Microsoft-IIS/10.0
                                                              Set-Cookie: ARRAffinity=cd96875fc303e27007d9c206602ea27bf1feed32164e2807972e120f5aafec02;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                              Set-Cookie: ARRAffinitySameSite=cd96875fc303e27007d9c206602ea27bf1feed32164e2807972e120f5aafec02;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                              Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                              X-Powered-By: ASP.NET


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              1  192.168.2.7  49726  172.64.41.3  443  7652  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              2024-09-05 06:55:06 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-05 06:55:06 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Thu, 05 Sep 2024 06:55:06 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8be44fcf4f7d7cea-EWR
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.7 | 49728 | 162.159.61.3 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:06 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-05 06:55:06 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Thu, 05 Sep 2024 06:55:06 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8be44fcf592a3308-EWR
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.7 | 49727 | 172.64.41.3 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:06 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-05 06:55:06 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Thu, 05 Sep 2024 06:55:06 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8be44fcf5b497d11-EWR
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.7 | 49730 | 184.28.90.27 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:08 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-09-05 06:55:08 UTC | 467 | IN | HTTP/1.1 200 OK
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF70)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-weu-z1
                                                              Cache-Control: public, max-age=121850
                                                              Date: Thu, 05 Sep 2024 06:55:08 GMT
                                                              Connection: close
                                                              X-CID: 2


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.7 | 49748 | 142.250.80.78 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:09 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:09 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Thu, 05 Sep 2024 06:55:09 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.7 | 49747 | 142.250.80.78 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:09 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:09 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Thu, 05 Sep 2024 06:55:09 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.7 | 49743 | 142.250.72.110 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:09 UTC | 1080 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-713313087&timestamp=1725519305782 HTTP/1.1
                                                              Host: accounts.youtube.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-platform: "Windows"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                              Upgrade-Insecure-Requests: 1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                              Sec-Fetch-Site: cross-site
                                                              Sec-Fetch-Mode: navigate
                                                              Sec-Fetch-Dest: iframe
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:09 UTC | 1971 | IN | HTTP/1.1 200 OK
                                                              Content-Type: text/html; charset=utf-8
                                                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-k07fmGsSHm_gN2jEnW3-NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                              Pragma: no-cache
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              Date: Thu, 05 Sep 2024 06:55:09 GMT
                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Cross-Origin-Opener-Policy: same-origin
                                                              reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw0JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6yXuy-xXgdi1Z5LrKZALMTDcXb1021sAi_OndnFpKSXlF8Yn5mSmleSWVKZkp-bmJmXnJ-fnZlaXJxaVJZaFG9kYGRiYGFkqmdgEV9gAAA6YC73"
                                                              Server: ESF
                                                              X-XSS-Protection: 0
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Accept-Ranges: none
                                                              Vary: Accept-Encoding
                                                              Connection: close
                                                              Transfer-Encoding: chunked
                                                              Data Ascii: if(!a)throw Error();if(arguments.length>2){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}
                                                              2024-09-05 06:55:09 UTC1971INData Raw: 3a 22 55 6e 6b 6e 6f 77 6e 20 65 72 72 6f 72 22 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 22 4e 6f 74 20 61 76 61 69 6c 61 62 6c 65 22 2c 66 69 6c 65 4e 61 6d 65 3a 62 2c 73 74 61 63 6b 3a 22 4e 6f 74 20 61 76 61 69 6c 61 62 6c 65 22 7d 3b 76 61 72 20 63 3d 21 31 3b 74 72 79 7b 76 61 72 20 64 3d 61 2e 6c 69 6e 65 4e 75 6d 62 65 72 7c 7c 61 2e 6c 69 6e 65 7c 7c 22 4e 6f 74 20 61 76 61 69 6c 61 62 6c 65 22 7d 63 61 74 63 68 28 66 29 7b 64 3d 22 4e 6f 74 20 61 76 61 69 6c 61 62 6c 65 22 2c 63 3d 21 30 7d 74 72 79 7b 76 61 72 20 65 3d 61 2e 66 69 6c 65 4e 61 6d 65 7c 7c 0a 61 2e 66 69 6c 65 6e 61 6d 65 7c 7c 61 2e 73 6f 75 72 63 65 55 52 4c 7c 7c 72 2e 24 67 6f 6f 67 44 65 62 75 67 46 6e 61 6d 65 7c 7c 62 7d 63 61 74 63 68 28 66 29 7b 65 3d 22 4e 6f 74 20 61 76 61
                                                              Data Ascii: :"Unknown error",lineNumber:"Not available",fileName:b,stack:"Not available"};var c=!1;try{var d=a.lineNumber||a.line||"Not available"}catch(f){d="Not available",c=!0}try{var e=a.fileName||a.filename||a.sourceURL||r.$googDebugFname||b}catch(f){e="Not ava
                                                              2024-09-05 06:55:09 UTC1971INData Raw: 72 6e 20 4a 5b 61 5d 3b 61 3d 53 74 72 69 6e 67 28 61 29 3b 69 66 28 21 4a 5b 61 5d 29 7b 76 61 72 20 62 3d 2f 66 75 6e 63 74 69 6f 6e 5c 73 2b 28 5b 5e 5c 28 5d 2b 29 2f 6d 2e 65 78 65 63 28 61 29 3b 4a 5b 61 5d 3d 62 3f 62 5b 31 5d 3a 22 5b 41 6e 6f 6e 79 6d 6f 75 73 5d 22 7d 72 65 74 75 72 6e 20 4a 5b 61 5d 7d 2c 4a 3d 7b 7d 3b 76 61 72 20 74 62 3d 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 5e 3a 2f 3f 23 2e 5d 2b 29 3a 29 3f 28 3f 3a 2f 2f 28 3f 3a 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 29 40 29 3f 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 3f 29 28 3f 3a 3a 28 5b 30 2d 39 5d 2b 29 29 3f 28 3f 3d 5b 5c 5c 5c 5c 2f 3f 23 5d 7c 24 29 29 3f 28 5b 5e 3f 23 5d 2b 29 3f 28 3f 3a 5c 5c 3f 28 5b 5e 23 5d 2a 29 29 3f 28 3f 3a 23 28 5b 5c 5c 73 5c 5c 53 5d 2a 29 29 3f 24
                                                              Data Ascii: rn J[a];a=String(a);if(!J[a]){var b=/function\s+([^\(]+)/m.exec(a);J[a]=b?b[1]:"[Anonymous]"}return J[a]},J={};var tb=RegExp("^(?:([^:/?#.]+):)?(?://(?:([^\\\\/?#]*)@)?([^\\\\/?#]*?)(?::([0-9]+))?(?=[\\\\/?#]|$))?([^?#]+)?(?:\\?([^#]*))?(?:#([\\s\\S]*))?$


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.7 | 49744 | 152.195.19.97 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:09 UTC | 620 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726124103&P2=404&P3=2&P4=aMTfH5A2h6bte8x2Cw%2fzs5fQpYWkqqoLds62R%2fhtVYeH5UcD8X7BXqU7Xzy%2fra9vCC%2b3D83qwUmd8DfpZG4QLg%3d%3d HTTP/1.1
                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                              Connection: keep-alive
                                                              MS-CV: 8+xTpkvc1qHWufkx596lTp
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:09 UTC | 632 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Age: 5445840
                                                              Cache-Control: public, max-age=17280000
                                                              Content-Type: application/x-chrome-extension
                                                              Date: Thu, 05 Sep 2024 06:55:09 GMT
                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                              Server: ECAcc (nyd/D11E)
                                                              X-AspNet-Version: 4.0.30319
                                                              X-AspNetMvc-Version: 5.3
                                                              X-Cache: HIT
                                                              X-CCC: US
                                                              X-CID: 11
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By: ARR/3.0
                                                              X-Powered-By: ASP.NET
                                                              Content-Length: 11185
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.7 | 49746 | 13.107.246.40 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:09 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: Shoreline
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:09 UTC | 577 | IN | HTTP/1.1 200 OK
                                                              Date: Thu, 05 Sep 2024 06:55:09 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 306698
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                              ETag: 0x8DBC9B5C40EBFF4
                                                              x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240905T065509Z-165795675766wv96mecap1swx40000000c5g000000002tqb
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.7 | 49749 | 184.28.90.27 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:10 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                              Range: bytes=0-2147483646
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-09-05 06:55:10 UTC | 515 | IN | HTTP/1.1 200 OK
                                                              ApiVersion: Distribute 1.1
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF06)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-weu-z1
                                                              Cache-Control: public, max-age=121847
                                                              Date: Thu, 05 Sep 2024 06:55:10 GMT
                                                              Content-Length: 55
                                                              Connection: close
                                                              X-CID: 2
                                                              2024-09-05 06:55:10 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.7 | 49750 | 13.107.246.40 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:10 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: EntityExtractionDomainsConfig
                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                              Sec-Mesh-Client-OS: Windows
                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                              Sec-Mesh-Client-Arch: x86_64
                                                              Sec-Mesh-Client-WebView: 0
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:10 UTC | 583 | IN | HTTP/1.1 200 OK
                                                              Date: Thu, 05 Sep 2024 06:55:10 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 70207
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                              ETag: 0x8DCB31E67C22927
                                                              x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240905T065510Z-16579567576mj4tcuw5tk3rrkw0000000190000000006yhz
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.7 | 49751 | 142.251.40.129 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:10 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                              Host: clients2.googleusercontent.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:10 UTC | 565 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Content-Length: 135751
                                                              X-GUploader-UploadID: AD-8ljsfoCbeTxmSretPkziONzDOwTyIuj4mS52MlQTlFqNHZz7hM4X2e8NY7eq2IGbHgyEeBg
                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                              Server: UploadServer
                                                              Date: Wed, 04 Sep 2024 17:10:32 GMT
                                                              Expires: Thu, 04 Sep 2025 17:10:32 GMT
                                                              Cache-Control: public, max-age=31536000
                                                              Age: 49478
                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                              Content-Type: application/x-chrome-extension
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.7 | 49758 | 142.250.64.68 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:10 UTC | 881 | OUT | GET /favicon.ico HTTP/1.1
                                                              Host: www.google.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-platform: "Windows"
                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: image
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:55:10 UTC | 704 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                              Content-Length: 5430
                                                              X-Content-Type-Options: nosniff
                                                              Server: sffe
                                                              X-XSS-Protection: 0
                                                              Date: Thu, 05 Sep 2024 06:49:57 GMT
                                                              Expires: Fri, 13 Sep 2024 06:49:57 GMT
                                                              Cache-Control: public, max-age=691200
                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                              Content-Type: image/x-icon
                                                              Vary: Accept-Encoding
                                                              Age: 313
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.7 | 49776 | 40.126.32.68 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:13 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 3592
                                                              Host: login.live.com
                                                              2024-09-05 06:55:13 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:13 UTC | 568 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:13 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C531_BL2
                                                              x-ms-request-id: e89c5b33-f773-4b5d-b05f-740e67e4d9f4
                                                              PPServer: PPV: 30 H: BL02EPF00027B4C V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:12 GMT
                                                              Connection: close
                                                              Content-Length: 1276
                                                              2024-09-05 06:55:13 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.7 | 49778 | 13.85.23.86 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:14 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cN51tuumaDKo4SR&MD=KaWhx23b HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-05 06:55:14 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                              MS-CorrelationId: a5c8e01d-7c72-4068-b5ec-a79e9294711f
                                                              MS-RequestId: e5deff25-bc69-46d8-a0e0-b3b36170a60b
                                                              MS-CV: LRCHWpn8X06Dia5y.0
                                                              X-Microsoft-SLSClientCache: 2880
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Thu, 05 Sep 2024 06:55:13 GMT
                                                              Connection: close
                                                              Content-Length: 24490
                                                              2024-09-05 06:55:14 UTC | 15824 | IN | Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                              2024-09-05 06:55:14 UTC | 8666 | IN | Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.7 | 49781 | 40.126.32.68 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:14 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 3592
                                                              Host: login.live.com
                                                              2024-09-05 06:55:14 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:14 UTC | 568 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:14 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C531_BL2
                                                              x-ms-request-id: cc5884cd-89de-4947-abd2-a5850665ca26
                                                              PPServer: PPV: 30 H: BL02EPF0002B586 V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:13 GMT
                                                              Connection: close
                                                              Content-Length: 1276
                                                              2024-09-05 06:55:14 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.7 | 49782 | 40.126.32.68 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:14 UTC | 446 | OUT | POST /ppsecure/deviceaddcredential.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 7642
                                                              Host: login.live.com
                                                              2024-09-05 06:55:14 UTC | 7642 | OUT | Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02uyyvfstqkvzdrl</Membername><Password>n`?;@Nno`Mt#0COF/9fL</Password></Authentication><OldMembername>02qtltntcbrequaj</OldM
                                                              2024-09-05 06:55:22 UTC | 542 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: text/xml
                                                              Expires: Thu, 05 Sep 2024 06:54:14 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C526_BL2
                                                              x-ms-request-id: ea6923cd-ab1b-475f-b7c8-eae079269f9c
                                                              PPServer: PPV: 30 H: BL02EPF0001DA26 V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:21 GMT
                                                              Connection: close
                                                              Content-Length: 17166
                                                              2024-09-05 06:55:22 UTC | 15842 | IN | Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018001079A936BA</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="33117ec2-8400-4745-9242-0f9e343d0f1c" LicenseID="3252b20c-d425-4711
                                                              2024-09-05 06:55:22 UTC | 1324 | IN | Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.7 | 49793 | 40.126.32.68 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:23 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 3592
                                                              Host: login.live.com
                                                              2024-09-05 06:55:23 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:29 UTC | 569 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:23 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C557_BL2
                                                              x-ms-request-id: 29010f95-9846-47d2-b655-b94b0e61a004
                                                              PPServer: PPV: 30 H: BL02EPF0001D7B0 V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:28 GMT
                                                              Connection: close
                                                              Content-Length: 11389
                                                              2024-09-05 06:55:29 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.7 | 49800 | 40.126.32.68 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:30 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 3592
                                                              Host: login.live.com
                                                              2024-09-05 06:55:30 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:30 UTC | 569 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:30 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C557_BAY
                                                              x-ms-request-id: da2bb48c-f3cf-4c93-aa12-0bc97845d4f5
                                                              PPServer: PPV: 30 H: PH1PEPF00011E3B V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:30 GMT
                                                              Connection: close
                                                              Content-Length: 11389
                                                              2024-09-05 06:55:30 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.7 | 49801 | 40.126.32.68 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:31 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 4710
                                                              Host: login.live.com
                                                              2024-09-05 06:55:31 UTC | 4710 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:31 UTC | 569 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:31 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C557_BAY
                                                              x-ms-request-id: 52c5437d-f131-4874-98a8-7c57f72f979e
                                                              PPServer: PPV: 30 H: PH1PEPF00011FF8 V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:31 GMT
                                                              Connection: close
                                                              Content-Length: 10173
                                                              2024-09-05 06:55:31 UTC | 10173 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.7 | 49802 | 40.126.32.68 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:31 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 4775
                                                              Host: login.live.com
                                                              2024-09-05 06:55:31 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:31 UTC568INHTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:31 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C531_BL2
                                                              x-ms-request-id: 3f39e87d-9837-43a9-8bbd-92e69888d92c
                                                              PPServer: PPV: 30 H: BL02EPF0001D6E1 V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:31 GMT
                                                              Connection: close
                                                              Content-Length: 1918
                                                              2024-09-05 06:55:31 UTC | 1918 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.7 | 49804 | 40.126.32.68 | 443 | - | -
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:32 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 4775
                                                              Host: login.live.com
                                                              2024-09-05 06:55:32 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:33 UTC | 569 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:32 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C557_BAY
                                                              x-ms-request-id: abf5b3c2-76b9-44e7-82fc-6512dcc23771
                                                              PPServer: PPV: 30 H: PH1PEPF00011CD6 V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:33 GMT
                                                              Connection: close
                                                              Content-Length: 11389
                                                              2024-09-05 06:55:33 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.7 | 49817 | 40.126.32.68 | 443 | - | -
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:34 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                              Connection: Keep-Alive
                                                              Content-Type: application/soap+xml
                                                              Accept: */*
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                              Content-Length: 4775
                                                              Host: login.live.com
                                                              2024-09-05 06:55:34 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                              2024-09-05 06:55:35 UTC | 569 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/soap+xml; charset=utf-8
                                                              Expires: Thu, 05 Sep 2024 06:54:35 GMT
                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                              x-ms-route-info: C557_BAY
                                                              x-ms-request-id: 87d4e66e-d413-4b92-b11b-1c3f855181cd
                                                              PPServer: PPV: 30 H: PH1PEPF00011E1B V: 0
                                                              X-Content-Type-Options: nosniff
                                                              Strict-Transport-Security: max-age=31536000
                                                              X-XSS-Protection: 1; mode=block
                                                              Date: Thu, 05 Sep 2024 06:55:35 GMT
                                                              Connection: close
                                                              Content-Length: 11389
                                                              2024-09-05 06:55:35 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.7 | 49825 | 13.85.23.86 | 443 | - | -
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:55:52 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cN51tuumaDKo4SR&MD=KaWhx23b HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-05 06:55:52 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                              MS-CorrelationId: f9a8cf72-40a3-427d-ba4b-fe665c772d2e
                                                              MS-RequestId: 844171a2-afd2-4361-a310-ee9be1467b12
                                                              MS-CV: ykt9tY7UhUitjeey.0
                                                              X-Microsoft-SLSClientCache: 1440
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Thu, 05 Sep 2024 06:55:52 GMT
                                                              Connection: close
                                                              Content-Length: 30005


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              25 | 192.168.2.7 | 49829 | 23.200.0.42 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:56:02 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                              Host: bzib.nelreports.net
                                                              Connection: keep-alive
                                                              Origin: https://business.bing.com
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: content-type
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:56:03 UTC | 330 | IN | HTTP/1.1 429 Too Many Requests
                                                              Content-Length: 0
                                                              Date: Thu, 05 Sep 2024 06:56:02 GMT
                                                              Connection: close
                                                              PMUSER_FORMAT_QS:
                                                              X-CDN-TraceId: 0.2aac2d17.1725519362.86bb75
                                                              Access-Control-Allow-Credentials: false
                                                              Access-Control-Allow-Methods: *
                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                              Access-Control-Allow-Origin: *


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.7 | 49839 | 13.107.246.40 | 443 | 7652 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-05 06:56:12 UTC | 478 | OUT | GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: ProductCategories
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-05 06:56:12 UTC | 559 | IN | HTTP/1.1 200 OK
                                                              Date: Thu, 05 Sep 2024 06:56:12 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 82989
                                                              Connection: close
                                                              Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                              ETag: 0x8DB5D5E89CE25EB
                                                              x-ms-request-id: 6fdf05a2-e01e-000b-5f3a-ff7073000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240905T065612Z-16579567576pgh4h94c7qn0kuc0000000c3g000000001s47
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes



                                                              Target ID:0
                                                              Start time:02:54:55
                                                              Start date:05/09/2024
                                                              Path:C:\Users\user\Desktop\file.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                              Imagebase:0x980000
                                                              File size:917'504 bytes
                                                              MD5 hash:72ED55D2571582A907985C027302A559
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:02:54:56
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:02:54:56
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff722870000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:02:54:56
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                              Imagebase:0x7ff722870000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:6
                                                              Start time:02:54:56
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff722870000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:7
                                                              Start time:02:54:57
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,4098111406942502324,5433324402779486086,262144 /prefetch:3
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:8
                                                              Start time:02:54:57
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:9
                                                              Start time:02:54:58
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2784 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:3
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:13
                                                              Start time:02:55:01
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20230927232528 -prefsHandle 2276 -prefMapHandle 2268 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7523133-59e6-4e12-8aeb-fe358abdd661} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b8d06dd10 socket
                                                              Imagebase:0x7ff722870000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:17
                                                              Start time:02:55:03
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7100 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:18
                                                              Start time:02:55:04
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7244 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:23
                                                              Start time:02:55:06
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -parentBuildID 20230927232528 -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {271e73ac-af90-45d8-8de7-fa5692018d1d} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23b9f27b510 rdd
                                                              Imagebase:0x7ff722870000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:26
                                                              Start time:02:55:07
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7680 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:27
                                                              Start time:02:55:07
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7640 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:32
                                                              Start time:02:55:17
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5092 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 5104 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ef58d2-d38f-453c-bc2d-b69d4213eb44} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 23ba4d8a110 utility
                                                              Imagebase:0x7ff722870000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:36
                                                              Start time:04:35:54
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7132 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:38
                                                              Start time:04:36:04
                                                              Start date:05/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5828 --field-trial-handle=2104,i,11161203208486639778,9467597293734183405,262144 /prefetch:8
                                                              Imagebase:0x7ff7fb980000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true


                                                                Execution Graph

                                                                Execution Coverage:1.8%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:4.9%
                                                                Total number of Nodes:1377
                                                                Total number of Limit Nodes:53
96477->96479 96479->96476 96480 98f83e 96479->96480 96481 98fd3d 96479->96481 96505 98ed9d ISource 96480->96505 96507 991310 96480->96507 96563 9f1155 22 API calls 96481->96563 96484 98fef7 96484->96505 96565 98a8c7 22 API calls __fread_nolock 96484->96565 96486 99fddb 22 API calls 96504 98ec76 ISource 96486->96504 96488 9d4600 96488->96505 96564 98a8c7 22 API calls __fread_nolock 96488->96564 96489 9d4b0b 96567 9f359c 82 API calls __wsopen_s 96489->96567 96490 98a8c7 22 API calls 96490->96504 96496 98fbe3 96498 9d4bdc 96496->96498 96496->96505 96506 98f3ae ISource 96496->96506 96497 98a961 22 API calls 96497->96504 96568 9f359c 82 API calls __wsopen_s 96498->96568 96500 9a00a3 29 API calls pre_c_initialization 96500->96504 96501 9a0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96501->96504 96502 9d4beb 96569 9f359c 82 API calls __wsopen_s 96502->96569 96503 9a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96503->96504 96504->96484 96504->96486 96504->96488 96504->96489 96504->96490 96504->96496 96504->96497 96504->96500 96504->96501 96504->96502 96504->96503 96504->96505 96504->96506 96559 9901e0 185 API calls 2 library calls 96504->96559 96560 9906a0 41 API calls ISource 96504->96560 96506->96505 96566 9f359c 82 API calls __wsopen_s 96506->96566 96508 9917b0 96507->96508 96509 991376 96507->96509 96618 9a0242 5 API calls __Init_thread_wait 96508->96618 96511 991390 96509->96511 96512 9d6331 96509->96512 96516 991940 9 API calls 96511->96516 96513 9d633d 96512->96513 96623 a0709c 185 API calls 96512->96623 96513->96504 96515 9917ba 96517 9917fb 96515->96517 96519 989cb3 22 API calls 96515->96519 96518 9913a0 96516->96518 96522 9d6346 96517->96522 96524 99182c 96517->96524 96520 991940 9 API calls 96518->96520 96528 9917d4 96519->96528 96521 9913b6 96520->96521 96521->96517 96523 9913ec 96521->96523 96624 9f359c 82 API calls __wsopen_s 96522->96624 96523->96522 
96548 991408 __fread_nolock 96523->96548 96620 98aceb 23 API calls ISource 96524->96620 96527 991839 96621 99d217 185 API calls 96527->96621 96619 9a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96528->96619 96531 9d636e 96625 9f359c 82 API calls __wsopen_s 96531->96625 96532 99152f 96534 99153c 96532->96534 96535 9d63d1 96532->96535 96537 991940 9 API calls 96534->96537 96627 a05745 54 API calls _wcslen 96535->96627 96539 991549 96537->96539 96538 99fddb 22 API calls 96538->96548 96542 991940 9 API calls 96539->96542 96554 9915c7 ISource 96539->96554 96540 991872 96622 99faeb 23 API calls 96540->96622 96541 99fe0b 22 API calls 96541->96548 96552 991563 96542->96552 96543 99171d 96543->96504 96547 99167b ISource 96547->96543 96617 99ce17 22 API calls ISource 96547->96617 96548->96527 96548->96531 96548->96532 96548->96538 96548->96541 96549 9d63b2 96548->96549 96548->96554 96593 98ec40 96548->96593 96626 9f359c 82 API calls __wsopen_s 96549->96626 96552->96554 96628 98a8c7 22 API calls __fread_nolock 96552->96628 96554->96540 96554->96547 96570 991940 96554->96570 96580 a0a2ea 96554->96580 96585 9f5c5a 96554->96585 96590 a0ac5b 96554->96590 96629 9f359c 82 API calls __wsopen_s 96554->96629 96559->96504 96560->96504 96561->96476 96562->96481 96563->96505 96564->96505 96565->96505 96566->96505 96567->96505 96568->96502 96569->96505 96571 99195d 96570->96571 96572 991981 96570->96572 96579 99196e 96571->96579 96632 9a0242 5 API calls __Init_thread_wait 96571->96632 96630 9a0242 5 API calls __Init_thread_wait 96572->96630 96574 99198b 96574->96571 96631 9a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96574->96631 96577 998727 96577->96579 96633 9a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96577->96633 96579->96554 96634 987510 96580->96634 96584 a0a315 96584->96554 96586 987510 53 API calls 96585->96586 96587 9f5c6d 96586->96587 96682 9edbbe lstrlenW 96587->96682 96589 9f5c77 96589->96554 96687 a0ad64 
96590->96687 96592 a0ac6f 96592->96554 96604 98ec76 ISource 96593->96604 96594 99fddb 22 API calls 96594->96604 96595 9d4beb 96726 9f359c 82 API calls __wsopen_s 96595->96726 96596 98fef7 96610 98ed9d ISource 96596->96610 96722 98a8c7 22 API calls __fread_nolock 96596->96722 96598 98f3ae ISource 96598->96610 96723 9f359c 82 API calls __wsopen_s 96598->96723 96600 9d4600 96600->96610 96721 98a8c7 22 API calls __fread_nolock 96600->96721 96601 9d4b0b 96724 9f359c 82 API calls __wsopen_s 96601->96724 96604->96594 96604->96595 96604->96596 96604->96598 96604->96600 96604->96601 96608 98a8c7 22 API calls 96604->96608 96609 9a0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96604->96609 96604->96610 96611 98fbe3 96604->96611 96612 98a961 22 API calls 96604->96612 96615 9a00a3 29 API calls pre_c_initialization 96604->96615 96616 9a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96604->96616 96719 9901e0 185 API calls 2 library calls 96604->96719 96720 9906a0 41 API calls ISource 96604->96720 96608->96604 96609->96604 96610->96548 96611->96598 96611->96610 96613 9d4bdc 96611->96613 96612->96604 96725 9f359c 82 API calls __wsopen_s 96613->96725 96615->96604 96616->96604 96617->96547 96618->96515 96619->96517 96620->96527 96621->96540 96622->96540 96623->96513 96624->96554 96625->96554 96626->96554 96627->96552 96628->96554 96629->96554 96630->96574 96631->96571 96632->96577 96633->96579 96635 987525 96634->96635 96651 987522 96634->96651 96636 98755b 96635->96636 96637 98752d 96635->96637 96638 9c50f6 96636->96638 96641 9c500f 96636->96641 96642 98756d 96636->96642 96667 9a51c6 26 API calls 96637->96667 96670 9a5183 26 API calls 96638->96670 96650 99fe0b 22 API calls 96641->96650 96656 9c5088 96641->96656 96668 99fb21 51 API calls 96642->96668 96643 98753d 96646 99fddb 22 API calls 96643->96646 96644 9c510e 96644->96644 96648 987547 96646->96648 96649 989cb3 22 API calls 
96648->96649 96649->96651 96652 9c5058 96650->96652 96657 9ed4dc CreateToolhelp32Snapshot Process32FirstW 96651->96657 96653 99fddb 22 API calls 96652->96653 96654 9c507f 96653->96654 96655 989cb3 22 API calls 96654->96655 96655->96656 96669 99fb21 51 API calls 96656->96669 96671 9edef7 96657->96671 96659 9ed5db FindCloseChangeNotification 96659->96584 96660 9ed529 Process32NextW 96660->96659 96662 9ed522 96660->96662 96661 98a961 22 API calls 96661->96662 96662->96659 96662->96660 96662->96661 96663 989cb3 22 API calls 96662->96663 96677 98525f 22 API calls 96662->96677 96678 986350 22 API calls 96662->96678 96679 99ce60 41 API calls 96662->96679 96663->96662 96667->96643 96668->96643 96669->96638 96670->96644 96672 9edf02 96671->96672 96673 9edf19 96672->96673 96676 9edf1f 96672->96676 96680 9a63b2 GetStringTypeW _strftime 96672->96680 96681 9a62fb 39 API calls _strftime 96673->96681 96676->96662 96677->96662 96678->96662 96679->96662 96680->96672 96681->96676 96683 9edbdc GetFileAttributesW 96682->96683 96684 9edc06 96682->96684 96683->96684 96685 9edbe8 FindFirstFileW 96683->96685 96684->96589 96685->96684 96686 9edbf9 FindClose 96685->96686 96686->96684 96688 98a961 22 API calls 96687->96688 96690 a0ad77 ___scrt_fastfail 96688->96690 96689 a0adce 96691 a0adee 96689->96691 96693 987510 53 API calls 96689->96693 96690->96689 96692 987510 53 API calls 96690->96692 96694 a0ae3a 96691->96694 96697 987510 53 API calls 96691->96697 96695 a0adab 96692->96695 96696 a0ade4 96693->96696 96699 a0ae4d ___scrt_fastfail 96694->96699 96718 98b567 39 API calls 96694->96718 96695->96689 96700 987510 53 API calls 96695->96700 96716 987620 22 API calls _wcslen 96696->96716 96706 a0ae04 96697->96706 96704 987510 53 API calls 96699->96704 96702 a0adc4 96700->96702 96715 987620 22 API calls _wcslen 96702->96715 96705 a0ae85 ShellExecuteExW 96704->96705 96709 a0aeb0 96705->96709 96706->96694 96707 987510 53 API calls 96706->96707 96708 a0ae28 96707->96708 96708->96694 96717 98a8c7 22 
API calls __fread_nolock 96708->96717 96711 a0af35 GetProcessId 96709->96711 96712 a0aec8 96709->96712 96713 a0af48 96711->96713 96712->96592 96714 a0af58 CloseHandle 96713->96714 96714->96712 96715->96689 96716->96691 96717->96694 96718->96699 96719->96604 96720->96604 96721->96610 96722->96610 96723->96610 96724->96610 96725->96595 96726->96610 96727 9d3f75 96738 99ceb1 96727->96738 96729 9d3f8b 96737 9d4006 96729->96737 96805 99e300 23 API calls 96729->96805 96732 9d4052 96734 9d4a88 96732->96734 96807 9f359c 82 API calls __wsopen_s 96732->96807 96735 9d3fe6 96735->96732 96806 9f1abf 22 API calls 96735->96806 96747 98bf40 96737->96747 96739 99cebf 96738->96739 96740 99ced2 96738->96740 96808 98aceb 23 API calls ISource 96739->96808 96742 99cf05 96740->96742 96743 99ced7 96740->96743 96809 98aceb 23 API calls ISource 96742->96809 96745 99fddb 22 API calls 96743->96745 96746 99cec9 96745->96746 96746->96729 96810 98adf0 96747->96810 96749 98bf9d 96750 98bfa9 96749->96750 96751 9d04b6 96749->96751 96753 9d04c6 96750->96753 96754 98c01e 96750->96754 96829 9f359c 82 API calls __wsopen_s 96751->96829 96830 9f359c 82 API calls __wsopen_s 96753->96830 96815 98ac91 96754->96815 96758 9e7120 22 API calls 96803 98c039 ISource __fread_nolock 96758->96803 96759 98c7da 96764 99fe0b 22 API calls 96759->96764 96761 99fddb 22 API calls 96761->96803 96763 9d04f5 96768 9d055a 96763->96768 96831 99d217 185 API calls 96763->96831 96772 98c808 __fread_nolock 96764->96772 96789 98c603 96768->96789 96832 9f359c 82 API calls __wsopen_s 96768->96832 96769 98ec40 185 API calls 96769->96803 96770 99fe0b 22 API calls 96802 98c350 ISource __fread_nolock 96770->96802 96771 98af8a 22 API calls 96771->96803 96772->96770 96773 9d091a 96842 9f3209 23 API calls 96773->96842 96776 9d08a5 96777 98ec40 185 API calls 96776->96777 96779 9d08cf 96777->96779 96779->96789 96840 98a81b 41 API calls 96779->96840 96780 9d0591 96833 9f359c 82 API calls __wsopen_s 96780->96833 96781 9d08f6 96841 9f359c 82 API 
calls __wsopen_s 96781->96841 96787 98c237 96788 98c253 96787->96788 96843 98a8c7 22 API calls __fread_nolock 96787->96843 96792 9d0976 96788->96792 96797 98c297 ISource 96788->96797 96789->96732 96791 99fe0b 22 API calls 96791->96803 96844 98aceb 23 API calls ISource 96792->96844 96795 9d09bf 96795->96789 96845 9f359c 82 API calls __wsopen_s 96795->96845 96797->96795 96826 98aceb 23 API calls ISource 96797->96826 96798 98c335 96798->96795 96799 98c342 96798->96799 96827 98a704 22 API calls ISource 96799->96827 96800 98bbe0 40 API calls 96800->96803 96804 98c3ac 96802->96804 96828 99ce17 22 API calls ISource 96802->96828 96803->96758 96803->96759 96803->96761 96803->96763 96803->96768 96803->96769 96803->96771 96803->96772 96803->96773 96803->96776 96803->96780 96803->96781 96803->96787 96803->96789 96803->96791 96803->96795 96803->96800 96819 98ad81 96803->96819 96834 9e7099 22 API calls __fread_nolock 96803->96834 96835 a05745 54 API calls _wcslen 96803->96835 96836 99aa42 22 API calls ISource 96803->96836 96837 9ef05c 40 API calls 96803->96837 96838 98a993 41 API calls 96803->96838 96839 98aceb 23 API calls ISource 96803->96839 96804->96732 96805->96735 96806->96737 96807->96734 96808->96746 96809->96746 96811 98ae01 96810->96811 96814 98ae1c ISource 96810->96814 96812 98aec9 22 API calls 96811->96812 96813 98ae09 CharUpperBuffW 96812->96813 96813->96814 96814->96749 96816 98acae 96815->96816 96817 98acd1 96816->96817 96846 9f359c 82 API calls __wsopen_s 96816->96846 96817->96803 96820 9cfadb 96819->96820 96821 98ad92 96819->96821 96822 99fddb 22 API calls 96821->96822 96823 98ad99 96822->96823 96847 98adcd 96823->96847 96826->96798 96827->96802 96828->96802 96829->96753 96830->96789 96831->96768 96832->96789 96833->96789 96834->96803 96835->96803 96836->96803 96837->96803 96838->96803 96839->96803 96840->96781 96841->96789 96842->96787 96843->96788 96844->96795 96845->96789 96846->96817 96850 98addd 96847->96850 96848 98adb6 96848->96803 96849 99fddb 22 API 
calls 96849->96850 96850->96848 96850->96849 96851 98a961 22 API calls 96850->96851 96853 98adcd 22 API calls 96850->96853 96854 98a8c7 22 API calls __fread_nolock 96850->96854 96851->96850 96853->96850 96854->96850 96855 981033 96860 984c91 96855->96860 96859 981042 96861 98a961 22 API calls 96860->96861 96862 984cff 96861->96862 96868 983af0 96862->96868 96864 984d9c 96865 981038 96864->96865 96871 9851f7 22 API calls __fread_nolock 96864->96871 96867 9a00a3 29 API calls __onexit 96865->96867 96867->96859 96872 983b1c 96868->96872 96871->96864 96873 983b0f 96872->96873 96874 983b29 96872->96874 96873->96864 96874->96873 96875 983b30 RegOpenKeyExW 96874->96875 96875->96873 96876 983b4a RegQueryValueExW 96875->96876 96877 983b80 RegCloseKey 96876->96877 96878 983b6b 96876->96878 96877->96873 96878->96877 96879 983156 96882 983170 96879->96882 96883 983187 96882->96883 96884 9831eb 96883->96884 96885 98318c 96883->96885 96886 9831e9 96883->96886 96890 9c2dfb 96884->96890 96891 9831f1 96884->96891 96887 983199 96885->96887 96888 983265 PostQuitMessage 96885->96888 96889 9831d0 DefWindowProcW 96886->96889 96893 9c2e7c 96887->96893 96894 9831a4 96887->96894 96895 98316a 96888->96895 96889->96895 96934 9818e2 10 API calls 96890->96934 96896 9831f8 96891->96896 96897 98321d SetTimer RegisterWindowMessageW 96891->96897 96948 9ebf30 34 API calls ___scrt_fastfail 96893->96948 96899 9c2e68 96894->96899 96900 9831ae 96894->96900 96903 9c2d9c 96896->96903 96904 983201 KillTimer 96896->96904 96897->96895 96901 983246 CreatePopupMenu 96897->96901 96898 9c2e1c 96935 99e499 42 API calls 96898->96935 96947 9ec161 27 API calls ___scrt_fastfail 96899->96947 96908 9c2e4d 96900->96908 96909 9831b9 96900->96909 96901->96895 96911 9c2dd7 MoveWindow 96903->96911 96912 9c2da1 96903->96912 96927 9830f2 96904->96927 96908->96889 96946 9e0ad7 22 API calls 96908->96946 96915 9831c4 96909->96915 96916 983253 96909->96916 96910 9c2e8e 96910->96889 96910->96895 96911->96895 96917 9c2dc6 SetFocus 
96912->96917 96918 9c2da7 96912->96918 96914 983263 96914->96895 96915->96889 96924 9830f2 Shell_NotifyIconW 96915->96924 96932 98326f 44 API calls ___scrt_fastfail 96916->96932 96917->96895 96918->96915 96922 9c2db0 96918->96922 96933 9818e2 10 API calls 96922->96933 96925 9c2e41 96924->96925 96936 983837 96925->96936 96928 983154 96927->96928 96929 983104 ___scrt_fastfail 96927->96929 96931 983c50 DeleteObject DestroyWindow 96928->96931 96930 983123 Shell_NotifyIconW 96929->96930 96930->96928 96931->96895 96932->96914 96933->96895 96934->96898 96935->96915 96937 983862 ___scrt_fastfail 96936->96937 96949 984212 96937->96949 96940 9838e8 96942 9c3386 Shell_NotifyIconW 96940->96942 96943 983906 Shell_NotifyIconW 96940->96943 96953 983923 96943->96953 96945 98391c 96945->96886 96946->96886 96947->96914 96948->96910 96950 9c35a4 96949->96950 96951 9838b7 96949->96951 96950->96951 96952 9c35ad DestroyIcon 96950->96952 96951->96940 96975 9ec874 42 API calls _strftime 96951->96975 96952->96951 96954 98393f 96953->96954 96973 983a13 96953->96973 96976 986270 96954->96976 96957 98395a 96959 986b57 22 API calls 96957->96959 96958 9c3393 LoadStringW 96960 9c33ad 96958->96960 96961 98396f 96959->96961 96968 983994 ___scrt_fastfail 96960->96968 96982 98a8c7 22 API calls __fread_nolock 96960->96982 96962 98397c 96961->96962 96963 9c33c9 96961->96963 96962->96960 96965 983986 96962->96965 96983 986350 22 API calls 96963->96983 96981 986350 22 API calls 96965->96981 96971 9839f9 Shell_NotifyIconW 96968->96971 96969 9c33d7 96969->96968 96970 9833c6 22 API calls 96969->96970 96972 9c33f9 96970->96972 96971->96973 96974 9833c6 22 API calls 96972->96974 96973->96945 96974->96968 96975->96940 96977 99fe0b 22 API calls 96976->96977 96978 986295 96977->96978 96979 99fddb 22 API calls 96978->96979 96980 98394d 96979->96980 96980->96957 96980->96958 96981->96968 96982->96968 96983->96969 96984 982e37 96985 98a961 22 API calls 96984->96985 96986 982e4d 96985->96986 97063 984ae3 
96986->97063 96988 982e6b 96989 983a5a 24 API calls 96988->96989 96990 982e7f 96989->96990 96991 989cb3 22 API calls 96990->96991 96992 982e8c 96991->96992 97077 984ecb 96992->97077 96995 982ead 97099 98a8c7 22 API calls __fread_nolock 96995->97099 96996 9c2cb0 97117 9f2cf9 96996->97117 96998 9c2cc3 96999 9c2ccf 96998->96999 97143 984f39 96998->97143 97005 984f39 68 API calls 96999->97005 97001 982ec3 97100 986f88 22 API calls 97001->97100 97004 982ecf 97006 989cb3 22 API calls 97004->97006 97007 9c2ce5 97005->97007 97008 982edc 97006->97008 97149 983084 22 API calls 97007->97149 97101 98a81b 41 API calls 97008->97101 97011 982eec 97013 989cb3 22 API calls 97011->97013 97012 9c2d02 97150 983084 22 API calls 97012->97150 97015 982f12 97013->97015 97102 98a81b 41 API calls 97015->97102 97016 9c2d1e 97018 983a5a 24 API calls 97016->97018 97019 9c2d44 97018->97019 97151 983084 22 API calls 97019->97151 97020 982f21 97022 98a961 22 API calls 97020->97022 97024 982f3f 97022->97024 97023 9c2d50 97152 98a8c7 22 API calls __fread_nolock 97023->97152 97103 983084 22 API calls 97024->97103 97027 9c2d5e 97153 983084 22 API calls 97027->97153 97028 982f4b 97104 9a4a28 40 API calls 3 library calls 97028->97104 97030 9c2d6d 97154 98a8c7 22 API calls __fread_nolock 97030->97154 97032 982f59 97032->97007 97033 982f63 97032->97033 97105 9a4a28 40 API calls 3 library calls 97033->97105 97036 9c2d83 97155 983084 22 API calls 97036->97155 97037 982f6e 97037->97012 97039 982f78 97037->97039 97106 9a4a28 40 API calls 3 library calls 97039->97106 97040 9c2d90 97042 982f83 97042->97016 97043 982f8d 97042->97043 97107 9a4a28 40 API calls 3 library calls 97043->97107 97045 982f98 97046 982fdc 97045->97046 97108 983084 22 API calls 97045->97108 97046->97030 97047 982fe8 97046->97047 97047->97040 97111 9863eb 22 API calls 97047->97111 97049 982fbf 97109 98a8c7 22 API calls __fread_nolock 97049->97109 97052 982ff8 97112 986a50 22 API calls 97052->97112 97053 982fcd 97110 983084 22 API calls 
97053->97110 97056 983006 97113 9870b0 23 API calls 97056->97113 97060 983021 97061 983065 97060->97061 97114 986f88 22 API calls 97060->97114 97115 9870b0 23 API calls 97060->97115 97116 983084 22 API calls 97060->97116 97064 984af0 __wsopen_s 97063->97064 97065 986b57 22 API calls 97064->97065 97066 984b22 97064->97066 97065->97066 97070 984b58 97066->97070 97156 984c6d 97066->97156 97068 984c29 97069 984c5e 97068->97069 97071 989cb3 22 API calls 97068->97071 97069->96988 97070->97068 97072 989cb3 22 API calls 97070->97072 97075 98515f 22 API calls 97070->97075 97076 984c6d 22 API calls 97070->97076 97073 984c52 97071->97073 97072->97070 97074 98515f 22 API calls 97073->97074 97074->97069 97075->97070 97076->97070 97159 984e90 LoadLibraryA 97077->97159 97082 9c3ccf 97085 984f39 68 API calls 97082->97085 97083 984ef6 LoadLibraryExW 97167 984e59 LoadLibraryA 97083->97167 97087 9c3cd6 97085->97087 97089 984e59 3 API calls 97087->97089 97090 9c3cde 97089->97090 97189 9850f5 40 API calls __fread_nolock 97090->97189 97091 984f20 97091->97090 97092 984f2c 97091->97092 97094 984f39 68 API calls 97092->97094 97096 982ea5 97094->97096 97095 9c3cf5 97190 9f28fe 27 API calls 97095->97190 97096->96995 97096->96996 97098 9c3d05 97099->97001 97100->97004 97101->97011 97102->97020 97103->97028 97104->97032 97105->97037 97106->97042 97107->97045 97108->97049 97109->97053 97110->97046 97111->97052 97112->97056 97113->97060 97114->97060 97115->97060 97116->97060 97118 9f2d15 97117->97118 97254 98511f 64 API calls 97118->97254 97120 9f2d29 97255 9f2e66 75 API calls 97120->97255 97122 9f2d3b 97141 9f2d3f 97122->97141 97256 9850f5 40 API calls __fread_nolock 97122->97256 97124 9f2d56 97257 9850f5 40 API calls __fread_nolock 97124->97257 97126 9f2d66 97258 9850f5 40 API calls __fread_nolock 97126->97258 97128 9f2d81 97259 9850f5 40 API calls __fread_nolock 97128->97259 97130 9f2d9c 97260 98511f 64 API calls 97130->97260 97132 9f2db3 97133 9aea0c ___std_exception_copy 21 API calls 
97132->97133 97134 9f2dba 97133->97134 97135 9aea0c ___std_exception_copy 21 API calls 97134->97135 97136 9f2dc4 97135->97136 97261 9850f5 40 API calls __fread_nolock 97136->97261 97138 9f2dd8 97262 9f28fe 27 API calls 97138->97262 97140 9f2dee 97140->97141 97263 9f22ce 79 API calls 97140->97263 97141->96998 97144 984f4a 97143->97144 97145 984f43 97143->97145 97147 984f59 97144->97147 97148 984f6a FreeLibrary 97144->97148 97264 9ae678 97145->97264 97147->96999 97148->97147 97149->97012 97150->97016 97151->97023 97152->97027 97153->97030 97154->97036 97155->97040 97157 98aec9 22 API calls 97156->97157 97158 984c78 97157->97158 97158->97066 97160 984ea8 GetProcAddress 97159->97160 97161 984ec6 97159->97161 97162 984eb8 97160->97162 97164 9ae5eb 97161->97164 97162->97161 97163 984ebf FreeLibrary 97162->97163 97163->97161 97191 9ae52a 97164->97191 97166 984eea 97166->97082 97166->97083 97168 984e8d 97167->97168 97169 984e6e GetProcAddress 97167->97169 97172 984f80 97168->97172 97170 984e7e 97169->97170 97170->97168 97171 984e86 FreeLibrary 97170->97171 97171->97168 97173 99fe0b 22 API calls 97172->97173 97174 984f95 97173->97174 97175 985722 22 API calls 97174->97175 97176 984fa1 __fread_nolock 97175->97176 97177 9c3d1d 97176->97177 97178 9850a5 97176->97178 97188 984fdc 97176->97188 97251 9f304d 74 API calls 97177->97251 97243 9842a2 CreateStreamOnHGlobal 97178->97243 97181 9c3d22 97252 98511f 64 API calls 97181->97252 97184 9c3d45 97253 9850f5 40 API calls __fread_nolock 97184->97253 97187 98506e ISource 97187->97091 97188->97181 97188->97187 97249 9850f5 40 API calls __fread_nolock 97188->97249 97250 98511f 64 API calls 97188->97250 97189->97095 97190->97098 97194 9ae536 BuildCatchObjectHelperInternal 97191->97194 97192 9ae544 97216 9af2d9 20 API calls _abort 97192->97216 97194->97192 97196 9ae574 97194->97196 97195 9ae549 97217 9b27ec 26 API calls __fread_nolock 97195->97217 97198 9ae579 97196->97198 97199 9ae586 97196->97199 97218 9af2d9 20 API calls _abort 
97198->97218 97208 9b8061 97199->97208 97202 9ae58f 97203 9ae595 97202->97203 97205 9ae5a2 97202->97205 97219 9af2d9 20 API calls _abort 97203->97219 97220 9ae5d4 LeaveCriticalSection __fread_nolock 97205->97220 97207 9ae554 __fread_nolock 97207->97166 97209 9b806d BuildCatchObjectHelperInternal 97208->97209 97221 9b2f5e EnterCriticalSection 97209->97221 97211 9b807b 97222 9b80fb 97211->97222 97215 9b80ac __fread_nolock 97215->97202 97216->97195 97217->97207 97218->97207 97219->97207 97220->97207 97221->97211 97223 9b811e 97222->97223 97224 9b8177 97223->97224 97231 9b8088 97223->97231 97238 9a918d EnterCriticalSection 97223->97238 97239 9a91a1 LeaveCriticalSection 97223->97239 97225 9b4c7d _abort 20 API calls 97224->97225 97226 9b8180 97225->97226 97228 9b29c8 _free 20 API calls 97226->97228 97229 9b8189 97228->97229 97229->97231 97240 9b3405 11 API calls 2 library calls 97229->97240 97235 9b80b7 97231->97235 97232 9b81a8 97241 9a918d EnterCriticalSection 97232->97241 97242 9b2fa6 LeaveCriticalSection 97235->97242 97237 9b80be 97237->97215 97238->97223 97239->97223 97240->97232 97241->97231 97242->97237 97244 9842bc FindResourceExW 97243->97244 97248 9842d9 97243->97248 97245 9c35ba LoadResource 97244->97245 97244->97248 97246 9c35cf SizeofResource 97245->97246 97245->97248 97247 9c35e3 LockResource 97246->97247 97246->97248 97247->97248 97248->97188 97249->97188 97250->97188 97251->97181 97252->97184 97253->97187 97254->97120 97255->97122 97256->97124 97257->97126 97258->97128 97259->97130 97260->97132 97261->97138 97262->97140 97263->97141 97265 9ae684 BuildCatchObjectHelperInternal 97264->97265 97266 9ae6aa 97265->97266 97267 9ae695 97265->97267 97274 9ae6a5 __fread_nolock 97266->97274 97277 9a918d EnterCriticalSection 97266->97277 97294 9af2d9 20 API calls _abort 97267->97294 97269 9ae69a 97295 9b27ec 26 API calls __fread_nolock 97269->97295 97272 9ae6c6 97278 9ae602 97272->97278 97274->97144 97275 9ae6d1 97296 9ae6ee LeaveCriticalSection __fread_nolock 
97275->97296 97277->97272 97279 9ae60f 97278->97279 97280 9ae624 97278->97280 97329 9af2d9 20 API calls _abort 97279->97329 97286 9ae61f 97280->97286 97297 9adc0b 97280->97297 97282 9ae614 97330 9b27ec 26 API calls __fread_nolock 97282->97330 97286->97275 97290 9ae646 97314 9b862f 97290->97314 97293 9b29c8 _free 20 API calls 97293->97286 97294->97269 97295->97274 97296->97274 97298 9adc23 97297->97298 97299 9adc1f 97297->97299 97298->97299 97300 9ad955 __fread_nolock 26 API calls 97298->97300 97303 9b4d7a 97299->97303 97301 9adc43 97300->97301 97331 9b59be 62 API calls 5 library calls 97301->97331 97304 9b4d90 97303->97304 97305 9ae640 97303->97305 97304->97305 97306 9b29c8 _free 20 API calls 97304->97306 97307 9ad955 97305->97307 97306->97305 97308 9ad961 97307->97308 97309 9ad976 97307->97309 97332 9af2d9 20 API calls _abort 97308->97332 97309->97290 97311 9ad966 97333 9b27ec 26 API calls __fread_nolock 97311->97333 97313 9ad971 97313->97290 97315 9b863e 97314->97315 97318 9b8653 97314->97318 97337 9af2c6 20 API calls _abort 97315->97337 97317 9b868e 97339 9af2c6 20 API calls _abort 97317->97339 97318->97317 97323 9b867a 97318->97323 97320 9b8643 97338 9af2d9 20 API calls _abort 97320->97338 97321 9b8693 97340 9af2d9 20 API calls _abort 97321->97340 97334 9b8607 97323->97334 97326 9ae64c 97326->97286 97326->97293 97327 9b869b 97341 9b27ec 26 API calls __fread_nolock 97327->97341 97329->97282 97330->97286 97331->97299 97332->97311 97333->97313 97342 9b8585 97334->97342 97336 9b862b 97336->97326 97337->97320 97338->97326 97339->97321 97340->97327 97341->97326 97343 9b8591 BuildCatchObjectHelperInternal 97342->97343 97353 9b5147 EnterCriticalSection 97343->97353 97345 9b859f 97346 9b85d1 97345->97346 97347 9b85c6 97345->97347 97369 9af2d9 20 API calls _abort 97346->97369 97354 9b86ae 97347->97354 97350 9b85cc 97370 9b85fb LeaveCriticalSection __wsopen_s 97350->97370 97352 9b85ee __fread_nolock 97352->97336 97353->97345 97371 9b53c4 97354->97371 97356 9b86c4 97384 
9b5333 21 API calls 3 library calls 97356->97384 97358 9b86be 97358->97356 97359 9b86f6 97358->97359 97362 9b53c4 __wsopen_s 26 API calls 97358->97362 97359->97356 97360 9b53c4 __wsopen_s 26 API calls 97359->97360 97363 9b8702 FindCloseChangeNotification 97360->97363 97361 9b871c 97364 9b873e 97361->97364 97385 9af2a3 20 API calls 2 library calls 97361->97385 97365 9b86ed 97362->97365 97363->97356 97366 9b870e GetLastError 97363->97366 97364->97350 97368 9b53c4 __wsopen_s 26 API calls 97365->97368 97366->97356 97368->97359 97369->97350 97370->97352 97372 9b53d1 97371->97372 97373 9b53e6 97371->97373 97386 9af2c6 20 API calls _abort 97372->97386 97378 9b540b 97373->97378 97388 9af2c6 20 API calls _abort 97373->97388 97375 9b53d6 97387 9af2d9 20 API calls _abort 97375->97387 97378->97358 97379 9b5416 97389 9af2d9 20 API calls _abort 97379->97389 97380 9b53de 97380->97358 97382 9b541e 97390 9b27ec 26 API calls __fread_nolock 97382->97390 97384->97361 97385->97364 97386->97375 97387->97380 97388->97379 97389->97382 97390->97380 97391 981cad SystemParametersInfoW 97392 9c2ba5 97393 9c2baf 97392->97393 97394 982b25 97392->97394 97396 983a5a 24 API calls 97393->97396 97420 982b83 7 API calls 97394->97420 97398 9c2bb8 97396->97398 97400 989cb3 22 API calls 97398->97400 97401 9c2bc6 97400->97401 97403 9c2bce 97401->97403 97404 9c2bf5 97401->97404 97402 982b2f 97405 983837 49 API calls 97402->97405 97411 982b44 97402->97411 97406 9833c6 22 API calls 97403->97406 97407 9833c6 22 API calls 97404->97407 97405->97411 97408 9c2bd9 97406->97408 97409 9c2bf1 GetForegroundWindow ShellExecuteW 97407->97409 97424 986350 22 API calls 97408->97424 97414 9c2c26 97409->97414 97412 982b5f 97411->97412 97415 9830f2 Shell_NotifyIconW 97411->97415 97418 982b66 SetCurrentDirectoryW 97412->97418 97414->97412 97415->97412 97416 9c2be7 97417 9833c6 22 API calls 97416->97417 97417->97409 97419 982b7a 97418->97419 97425 982cd4 7 API calls 97420->97425 97422 982b2a 97423 982c63 CreateWindowExW 

                                                                Control-flow Graph

                                                                APIs
                                                                • GetVersionExW.KERNEL32(?), ref: 0098430D
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                • GetCurrentProcess.KERNEL32(?,00A1CB64,00000000,?,?), ref: 00984422
                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 00984429
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00984454
                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00984466
                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00984474
                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 0098447B
                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 009844A0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                • API String ID: 3290436268-3101561225

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,009850AA,?,?,00000000,00000000), ref: 009842B2
                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,009850AA,?,?,00000000,00000000), ref: 009842C9
                                                                • LoadResource.KERNEL32(?,00000000,?,?,009850AA,?,?,00000000,00000000,?,?,?,?,?,?,00984F20), ref: 009C35BE
                                                                • SizeofResource.KERNEL32(?,00000000,?,?,009850AA,?,?,00000000,00000000,?,?,?,?,?,?,00984F20), ref: 009C35D3
                                                                • LockResource.KERNEL32(009850AA,?,?,009850AA,?,?,00000000,00000000,?,?,?,?,?,?,00984F20,?), ref: 009C35E6
                                                                Similarity
                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                • String ID: SCRIPT
                                                                • API String ID: 3051347437-3967369404

                                                                Control-flow Graph

                                                                APIs
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00982B6B
                                                                  • Part of subcall function 00983A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00A51418,?,00982E7F,?,?,?,00000000), ref: 00983A78
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00A42224), ref: 009C2C10
                                                                • ShellExecuteW.SHELL32(00000000,?,?,00A42224), ref: 009C2C17
                                                                Similarity
                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                • String ID: runas
                                                                • API String ID: 448630720-4000483414

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 009ED501
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 009ED50F
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 009ED52F
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 009ED5DC
                                                                Similarity
                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 3243318325-0

                                                                Control-flow Graph

                                                                APIs
                                                                • lstrlenW.KERNEL32(?,009C5222), ref: 009EDBCE
                                                                • GetFileAttributesW.KERNEL32(?), ref: 009EDBDD
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 009EDBEE
                                                                • FindClose.KERNEL32(00000000), ref: 009EDBFA
                                                                Similarity
                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                • String ID:
                                                                • API String ID: 2695905019-0
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(009B28E9,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002,00000000,?,009B28E9), ref: 009A4D09
                                                                • TerminateProcess.KERNEL32(00000000,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002,00000000,?,009B28E9), ref: 009A4D10
                                                                • ExitProcess.KERNEL32 ref: 009A4D22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: 1f05861985d25584e36922e6f6a0de5bb3a857fbc8f0378d8127062ecd23b030
                                                                • Instruction ID: 1c6597fcbca0c8a0b4d397faa68d16d0155fcf7fb9e2c3b17f7d1684effa6b1f
                                                                • Opcode Fuzzy Hash: 1f05861985d25584e36922e6f6a0de5bb3a857fbc8f0378d8127062ecd23b030
                                                                • Instruction Fuzzy Hash: EDE0B631040148BBCF11AF94DE0AA987B69EB827A5B108014FD198A162DB75EE42CA80
                                                                APIs
                                                                • GetInputState.USER32 ref: 0098D807
                                                                • timeGetTime.WINMM ref: 0098DA07
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0098DB28
                                                                • TranslateMessage.USER32(?), ref: 0098DB7B
                                                                • DispatchMessageW.USER32(?), ref: 0098DB89
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0098DB9F
                                                                • Sleep.KERNEL32(0000000A), ref: 0098DBB1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                • String ID:
                                                                • API String ID: 2189390790-0
                                                                • Opcode ID: 322f85a5c3a8c47b8cba9d9aca331e1c6c9175c77706b48d16540e4fb6639a94
                                                                • Instruction ID: a002d815eed88b5eeb78a3a03021ebedf2e478f3c03c678a0822c06b10fe9d2e
                                                                • Opcode Fuzzy Hash: 322f85a5c3a8c47b8cba9d9aca331e1c6c9175c77706b48d16540e4fb6639a94
                                                                • Instruction Fuzzy Hash: C042F13064A341EFD728EF24C844BAAB7E9BF96310F14891AE495873D1D775E845CB82

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00982D07
                                                                • RegisterClassExW.USER32(00000030), ref: 00982D31
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00982D42
                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00982D5F
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00982D6F
                                                                • LoadIconW.USER32(000000A9), ref: 00982D85
                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00982D94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                • API String ID: 2914291525-1005189915
                                                                • Opcode ID: 3bd88cec7890456c743c8444193cd7171e8908d50e53988037d15c09cff8bd40
                                                                • Instruction ID: c60bf2f2a135450e20b5f6d66597f7dd8ff4ebabee5801ab6c57bba46ed07f1e
                                                                • Opcode Fuzzy Hash: 3bd88cec7890456c743c8444193cd7171e8908d50e53988037d15c09cff8bd40
                                                                • Instruction Fuzzy Hash: 8921C0B5941318EFDB00DFE4E889BEDBBB8FB08725F00811AF511A62A0D7B14546CF95

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 009C039A: CreateFileW.KERNEL32(00000000,00000000,?,009C0704,?,?,00000000,?,009C0704,00000000,0000000C), ref: 009C03B7
                                                                • GetLastError.KERNEL32 ref: 009C076F
                                                                • __dosmaperr.LIBCMT ref: 009C0776
                                                                • GetFileType.KERNEL32(00000000), ref: 009C0782
                                                                • GetLastError.KERNEL32 ref: 009C078C
                                                                • __dosmaperr.LIBCMT ref: 009C0795
                                                                • CloseHandle.KERNEL32(00000000), ref: 009C07B5
                                                                • CloseHandle.KERNEL32(?), ref: 009C08FF
                                                                • GetLastError.KERNEL32 ref: 009C0931
                                                                • __dosmaperr.LIBCMT ref: 009C0938
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                • String ID: H
                                                                • API String ID: 4237864984-2852464175
                                                                • Opcode ID: 42664477c55d7a3e4acedf21075d90dd8135f1137c68017e636fa588e8f1a614
                                                                • Instruction ID: 213e79d321ebeb89e91e0c1b92901ae876ecf3b3907c2ce4436f78964ed8a885
                                                                • Opcode Fuzzy Hash: 42664477c55d7a3e4acedf21075d90dd8135f1137c68017e636fa588e8f1a614
                                                                • Instruction Fuzzy Hash: DDA1F332E042048FDF19EFA8DC51FAE7BA4AB86320F14415DF8259B291D7359917CB92

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00983A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00A51418,?,00982E7F,?,?,?,00000000), ref: 00983A78
                                                                  • Part of subcall function 00983357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00983379
                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0098356A
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 009C318D
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 009C31CE
                                                                • RegCloseKey.ADVAPI32(?), ref: 009C3210
                                                                • _wcslen.LIBCMT ref: 009C3277
                                                                • _wcslen.LIBCMT ref: 009C3286
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                • API String ID: 98802146-2727554177
                                                                • Opcode ID: af68c8472d36765f01b97b9f1d276df16df6098dc4912e31990ac84e43b84be8
                                                                • Instruction ID: 1680ea194c9e0bd0468f87038b395808c9887f6f1f7ab168a878a77a97158090
                                                                • Opcode Fuzzy Hash: af68c8472d36765f01b97b9f1d276df16df6098dc4912e31990ac84e43b84be8
                                                                • Instruction Fuzzy Hash: 1571A1714083019EC704EFA5DC81BABBBE8FFD6760F40482EF4459B261EB349A49CB52

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00982B8E
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00982B9D
                                                                • LoadIconW.USER32(00000063), ref: 00982BB3
                                                                • LoadIconW.USER32(000000A4), ref: 00982BC5
                                                                • LoadIconW.USER32(000000A2), ref: 00982BD7
                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00982BEF
                                                                • RegisterClassExW.USER32(?), ref: 00982C40
                                                                  • Part of subcall function 00982CD4: GetSysColorBrush.USER32(0000000F), ref: 00982D07
                                                                  • Part of subcall function 00982CD4: RegisterClassExW.USER32(00000030), ref: 00982D31
                                                                  • Part of subcall function 00982CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00982D42
                                                                  • Part of subcall function 00982CD4: InitCommonControlsEx.COMCTL32(?), ref: 00982D5F
                                                                  • Part of subcall function 00982CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00982D6F
                                                                  • Part of subcall function 00982CD4: LoadIconW.USER32(000000A9), ref: 00982D85
                                                                  • Part of subcall function 00982CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00982D94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                • String ID: #$0$AutoIt v3
                                                                • API String ID: 423443420-4155596026
                                                                • Opcode ID: ce782979b4c1658a07ac46028365972f8e45168724b7c8bde56582ae0ed4b6a4
                                                                • Instruction ID: badd881b661a347918ceca7c4d2a1c87f43f895edf7c6a77b40d8857cddc525c
                                                                • Opcode Fuzzy Hash: ce782979b4c1658a07ac46028365972f8e45168724b7c8bde56582ae0ed4b6a4
                                                                • Instruction Fuzzy Hash: 27214970E40318ABDB50DFE6EC69BA97FB4FB48B65F00415AE500AA6A0D3B10942CF94

                                                                Control-flow Graph

                                                                APIs
                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0098316A,?,?), ref: 009831D8
                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,0098316A,?,?), ref: 00983204
                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00983227
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0098316A,?,?), ref: 00983232
                                                                • CreatePopupMenu.USER32 ref: 00983246
                                                                • PostQuitMessage.USER32(00000000), ref: 00983267
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                • String ID: TaskbarCreated
                                                                • API String ID: 129472671-2362178303
                                                                • Opcode ID: e5a433729285f2fa1d0668257d9d018d3e680b90051c0db269de70372e8fc325
                                                                • Instruction ID: d68de94d3d924660a72d3310fa093bb9a38a956518a314667e8f53940aac95ee
                                                                • Opcode Fuzzy Hash: e5a433729285f2fa1d0668257d9d018d3e680b90051c0db269de70372e8fc325
                                                                • Instruction Fuzzy Hash: 4A412435244304AADF15BBB89C1DBBD3A1DFB45F11F04C529F912863E1EBB49A4287A2

                                                                Control-flow Graph

                                                                APIs
                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00981459
                                                                • OleUninitialize.OLE32(?,00000000), ref: 009814F8
                                                                • UnregisterHotKey.USER32(?), ref: 009816DD
                                                                • DestroyWindow.USER32(?), ref: 009C24B9
                                                                • FreeLibrary.KERNEL32(?), ref: 009C251E
                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 009C254B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                • String ID: close all
                                                                • API String ID: 469580280-3243417748

                                                                Control-flow graph 648 (982c63-982cd3): CreateWindowExW * 2, ShowWindow * 2
                                                                APIs
                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00982C91
                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00982CB2
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00981CAD,?), ref: 00982CC6
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00981CAD,?), ref: 00982CCF
                                                                Similarity
                                                                • API ID: Window$CreateShow
                                                                • String ID: AutoIt v3$edit
                                                                • API String ID: 1584632944-3779509399

                                                                Control-flow graph 763 (starts at a0ad64; node listing omitted): calls ShellExecuteExW, GetProcessId, CloseHandle
                                                                APIs
                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00A0AEA3
                                                                  • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                • GetProcessId.KERNEL32(00000000), ref: 00A0AF38
                                                                • CloseHandle.KERNEL32(00000000), ref: 00A0AF67
                                                                Similarity
                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                • String ID: <$@
                                                                • API String ID: 146682121-1426351568

                                                                Control-flow graph 868 (starts at 983b1c; node listing omitted): calls RegOpenKeyExW, RegQueryValueExW, RegCloseKey
                                                                APIs
                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00983B0F,SwapMouseButtons,00000004,?), ref: 00983B40
                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00983B0F,SwapMouseButtons,00000004,?), ref: 00983B61
                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00983B0F,SwapMouseButtons,00000004,?), ref: 00983B83
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: Control Panel\Mouse
                                                                • API String ID: 3677997916-824357125
                                                                APIs
                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 009C33A2
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00983A04
                                                                Similarity
                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                • String ID: Line:
                                                                • API String ID: 2289894680-1585850449
                                                                APIs
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 009A0668
                                                                  • Part of subcall function 009A32A4: RaiseException.KERNEL32(?,?,?,009A068A,?,00A51444,?,?,?,?,?,?,009A068A,00981129,00A48738,00981129), ref: 009A3304
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 009A0685
                                                                Similarity
                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                • String ID: Unknown exception
                                                                • API String ID: 3476068407-410509341
                                                                APIs
                                                                  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00981BF4
                                                                  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00981BFC
                                                                  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00981C07
                                                                  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00981C12
                                                                  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00981C1A
                                                                  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00981C22
                                                                  • Part of subcall function 00981B4A: RegisterWindowMessageW.USER32(00000004,?,009812C4), ref: 00981BA2
                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0098136A
                                                                • OleInitialize.OLE32 ref: 00981388
                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 009C24AB
                                                                Similarity
                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                • String ID:
                                                                • API String ID: 1986988660-0
                                                                APIs
                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,009B85CC,?,00A48CC8,0000000C), ref: 009B8704
                                                                • GetLastError.KERNEL32(?,009B85CC,?,00A48CC8,0000000C), ref: 009B870E
                                                                • __dosmaperr.LIBCMT ref: 009B8739
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                • String ID:
                                                                • API String ID: 490808831-0
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 009917F6
                                                                Similarity
                                                                • API ID: Init_thread_footer
                                                                • String ID: CALL
                                                                • API String ID: 1385522511-4196123274
                                                                APIs
                                                                • GetOpenFileNameW.COMDLG32(?), ref: 009C2C8C
                                                                  • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
                                                                  • Part of subcall function 00982DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00982DC4
                                                                Similarity
                                                                • API ID: Name$Path$FileFullLongOpen
                                                                • String ID: X
                                                                • API String ID: 779396738-3081909835
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00983908
                                                                Similarity
                                                                • API ID: IconNotifyShell_
                                                                • String ID:
                                                                • API String ID: 1144537725-0
                                                                APIs
                                                                  • Part of subcall function 00984E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E9C
                                                                  • Part of subcall function 00984E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00984EAE
                                                                  • Part of subcall function 00984E90: FreeLibrary.KERNEL32(00000000,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984EC0
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984EFD
                                                                  • Part of subcall function 00984E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E62
                                                                  • Part of subcall function 00984E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00984E74
                                                                  • Part of subcall function 00984E59: FreeLibrary.KERNEL32(00000000,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E87
                                                                Similarity
                                                                • API ID: Library$Load$AddressFreeProc
                                                                • String ID:
                                                                • API String ID: 2632591731-0
                                                                APIs
                                                                Similarity
                                                                • API ID: __wsopen_s
                                                                • String ID:
                                                                • API String ID: 3347428461-0
                                                                APIs
                                                                  • Part of subcall function 009B4C7D: RtlAllocateHeap.NTDLL(00000008,00981129,00000000,?,009B2E29,00000001,00000364,?,?,?,009AF2DE,009B3863,00A51444,?,0099FDF5,?), ref: 009B4CBE
                                                                • _free.LIBCMT ref: 009B506C
                                                                Similarity
                                                                • API ID: AllocateHeap_free
                                                                • String ID:
                                                                • API String ID: 614378929-0
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000008,00981129,00000000,?,009B2E29,00000001,00000364,?,?,?,009AF2DE,009B3863,00A51444,?,0099FDF5,?), ref: 009B4CBE
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984F6D
                                                                Similarity
                                                                • API ID: FreeLibrary
                                                                • String ID:
                                                                • API String ID: 3664257935-0
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0098314E
                                                                Similarity
                                                                • API ID: IconNotifyShell_
                                                                • String ID:
                                                                • API String ID: 1144537725-0
                                                                APIs
                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00982DC4
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                Similarity
                                                                • API ID: LongNamePath_wcslen
                                                                • String ID:
                                                                • API String ID: 541455249-0
                                                                APIs
                                                                  • Part of subcall function 00983837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00983908
                                                                  • Part of subcall function 0098D730: GetInputState.USER32 ref: 0098D807
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00982B6B
                                                                  • Part of subcall function 009830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0098314E
                                                                Similarity
                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                • String ID:
                                                                • API String ID: 3667716007-0
                                                                APIs
                                                                • CreateFileW.KERNEL32(00000000,00000000,?,009C0704,?,?,00000000,?,009C0704,00000000,0000000C), ref: 009C03B7
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00981CBC
                                                                Similarity
                                                                • API ID: InfoParametersSystem
                                                                • String ID:
                                                                • API String ID: 3098949447-0
                                                                • Opcode ID: 6c860f5ee40e79493834638a1445b7256aaac9ed327fc65e18429d248888384e
                                                                • Instruction ID: 2dd8e3da9b11631336c53d6b5c80cbc0e0034563d04f3006a7d51f8f6756dcb1
                                                                • Opcode Fuzzy Hash: 6c860f5ee40e79493834638a1445b7256aaac9ed327fc65e18429d248888384e
                                                                • Instruction Fuzzy Hash: FCC092362C0304AFF215CBC0BC5EF607765B358B26F048401F609AD5F3D3A22822EB50
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00A1961A
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A1965B
                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00A1969F
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A196C9
                                                                • SendMessageW.USER32 ref: 00A196F2
                                                                • GetKeyState.USER32(00000011), ref: 00A1978B
                                                                • GetKeyState.USER32(00000009), ref: 00A19798
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A197AE
                                                                • GetKeyState.USER32(00000010), ref: 00A197B8
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A197E9
                                                                • SendMessageW.USER32 ref: 00A19810
                                                                • SendMessageW.USER32(?,00001030,?,00A17E95), ref: 00A19918
                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00A1992E
                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00A19941
                                                                • SetCapture.USER32(?), ref: 00A1994A
                                                                • ClientToScreen.USER32(?,?), ref: 00A199AF
                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00A199BC
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A199D6
                                                                • ReleaseCapture.USER32 ref: 00A199E1
                                                                • GetCursorPos.USER32(?), ref: 00A19A19
                                                                • ScreenToClient.USER32(?,?), ref: 00A19A26
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00A19A80
                                                                • SendMessageW.USER32 ref: 00A19AAE
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00A19AEB
                                                                • SendMessageW.USER32 ref: 00A19B1A
                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00A19B3B
                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00A19B4A
                                                                • GetCursorPos.USER32(?), ref: 00A19B68
                                                                • ScreenToClient.USER32(?,?), ref: 00A19B75
                                                                • GetParent.USER32(?), ref: 00A19B93
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00A19BFA
                                                                • SendMessageW.USER32 ref: 00A19C2B
                                                                • ClientToScreen.USER32(?,?), ref: 00A19C84
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00A19CB4
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00A19CDE
                                                                • SendMessageW.USER32 ref: 00A19D01
                                                                • ClientToScreen.USER32(?,?), ref: 00A19D4E
                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00A19D82
                                                                  • Part of subcall function 00999944: GetWindowLongW.USER32(?,000000EB), ref: 00999952
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A19E05
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                • String ID: @GUI_DRAGID$F
                                                                • API String ID: 3429851547-4164748364
                                                                • Opcode ID: b1a4ae149677c09b42da1ed858c3a724e6083d2cd499af01af1ddaf7835b0a93
                                                                • Instruction ID: 635a56c16769344b6ed71c58d50fdace3a9ca0d80c3a3391d71d4e8062b3fb7c
                                                                • Opcode Fuzzy Hash: b1a4ae149677c09b42da1ed858c3a724e6083d2cd499af01af1ddaf7835b0a93
                                                                • Instruction Fuzzy Hash: 23427C74204241EFDB25CF68CC54BEBBBE5FF89320F144629F6A9872A1D731A891CB51
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00A148F3
                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00A14908
                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00A14927
                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00A1494B
                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00A1495C
                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00A1497B
                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00A149AE
                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00A149D4
                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00A14A0F
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A14A56
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A14A7E
                                                                • IsMenu.USER32(?), ref: 00A14A97
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A14AF2
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A14B20
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A14B94
                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00A14BE3
                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00A14C82
                                                                • wsprintfW.USER32 ref: 00A14CAE
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A14CC9
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00A14CF1
                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00A14D13
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A14D33
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00A14D5A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                • String ID: %d/%02d/%02d
                                                                • API String ID: 4054740463-328681919
                                                                • Opcode ID: 3f9372b662e20d50783868909545e194d7ceb4b932e06f70fc7f2607fba36c11
                                                                • Instruction ID: 73feb5f7f601119932d2bf4e8647bce16137ed04541997fecf446e79b78533dc
                                                                • Opcode Fuzzy Hash: 3f9372b662e20d50783868909545e194d7ceb4b932e06f70fc7f2607fba36c11
                                                                • Instruction Fuzzy Hash: 2E12E071640214ABEB248F68CC49FEE7BF9EF89720F144129F515DB2E1DB789982CB50
                                                                APIs
                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0099F998
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009DF474
                                                                • IsIconic.USER32(00000000), ref: 009DF47D
                                                                • ShowWindow.USER32(00000000,00000009), ref: 009DF48A
                                                                • SetForegroundWindow.USER32(00000000), ref: 009DF494
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 009DF4AA
                                                                • GetCurrentThreadId.KERNEL32 ref: 009DF4B1
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 009DF4BD
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 009DF4CE
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 009DF4D6
                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 009DF4DE
                                                                • SetForegroundWindow.USER32(00000000), ref: 009DF4E1
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF4F6
                                                                • keybd_event.USER32(00000012,00000000), ref: 009DF501
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF50B
                                                                • keybd_event.USER32(00000012,00000000), ref: 009DF510
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF519
                                                                • keybd_event.USER32(00000012,00000000), ref: 009DF51E
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF528
                                                                • keybd_event.USER32(00000012,00000000), ref: 009DF52D
                                                                • SetForegroundWindow.USER32(00000000), ref: 009DF530
                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 009DF557
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 4125248594-2988720461
                                                                • Opcode ID: 7d0bd5185f355bfa0cdd75d60793530c5b41636e7ccba351b9a45cca5eaeffa2
                                                                • Instruction ID: 87072a120f8019b340394eeb7ab2ad16c776586e2d5acfe1f11d60cf25f21b83
                                                                • Opcode Fuzzy Hash: 7d0bd5185f355bfa0cdd75d60793530c5b41636e7ccba351b9a45cca5eaeffa2
                                                                • Instruction Fuzzy Hash: 30314371AC0318BBEB21ABF55C4AFBF7E6DEB44B60F108466F601E61D1C6B15D01AA60
                                                                APIs
                                                                  • Part of subcall function 009E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 009E170D
                                                                  • Part of subcall function 009E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 009E173A
                                                                  • Part of subcall function 009E16C3: GetLastError.KERNEL32 ref: 009E174A
                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 009E1286
                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 009E12A8
                                                                • CloseHandle.KERNEL32(?), ref: 009E12B9
                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 009E12D1
                                                                • GetProcessWindowStation.USER32 ref: 009E12EA
                                                                • SetProcessWindowStation.USER32(00000000), ref: 009E12F4
                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 009E1310
                                                                  • Part of subcall function 009E10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009E11FC), ref: 009E10D4
                                                                  • Part of subcall function 009E10BF: CloseHandle.KERNEL32(?,?,009E11FC), ref: 009E10E9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                • String ID: $default$winsta0
                                                                • API String ID: 22674027-1027155976
                                                                • Opcode ID: f0f6550cd2aff246688364fc3d17ce22c4e4136ee6bfd85d138db2e1195b3655
                                                                • Instruction ID: dc7e380d2164928b2077dbdd2cffd6d7a48ddbf0759e820b5d25be8f314edba2
                                                                • Opcode Fuzzy Hash: f0f6550cd2aff246688364fc3d17ce22c4e4136ee6bfd85d138db2e1195b3655
                                                                • Instruction Fuzzy Hash: 69819A72900289ABDF22DFA5DC49FEE7BBDEF48710F148129F910A62A0D7718D45CB64
                                                                APIs
                                                                  • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 009E1114
                                                                  • Part of subcall function 009E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1120
                                                                  • Part of subcall function 009E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E112F
                                                                  • Part of subcall function 009E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1136
                                                                  • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 009E114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 009E0BCC
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 009E0C00
                                                                • GetLengthSid.ADVAPI32(?), ref: 009E0C17
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 009E0C51
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 009E0C6D
                                                                • GetLengthSid.ADVAPI32(?), ref: 009E0C84
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 009E0C8C
                                                                • HeapAlloc.KERNEL32(00000000), ref: 009E0C93
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 009E0CB4
                                                                • CopySid.ADVAPI32(00000000), ref: 009E0CBB
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 009E0CEA
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 009E0D0C
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 009E0D1E
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0D45
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0D4C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0D55
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0D5C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0D65
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0D6C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 009E0D78
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0D7F
                                                                  • Part of subcall function 009E1193: GetProcessHeap.KERNEL32(00000008,009E0BB1,?,00000000,?,009E0BB1,?), ref: 009E11A1
                                                                  • Part of subcall function 009E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,009E0BB1,?), ref: 009E11A8
                                                                  • Part of subcall function 009E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,009E0BB1,?), ref: 009E11B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                • Opcode ID: 4d3d81b213c5290d66130b71e43e8c469ced4a6dc4c80e4873b0e8c7901791cf
                                                                • Instruction ID: 8171718909273c41859ab916f21f3dabd8600995fea9b2473e31c55c8b250ad8
                                                                • Opcode Fuzzy Hash: 4d3d81b213c5290d66130b71e43e8c469ced4a6dc4c80e4873b0e8c7901791cf
                                                                • Instruction Fuzzy Hash: 1671997290025AABDF11DFE5DC44BEEBBBCBF48310F148215E954A7191D7B4AE82CB60
                                                                APIs
                                                                • OpenClipboard.USER32(00A1CC08), ref: 009FEB29
                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 009FEB37
                                                                • GetClipboardData.USER32(0000000D), ref: 009FEB43
                                                                • CloseClipboard.USER32 ref: 009FEB4F
                                                                • GlobalLock.KERNEL32(00000000), ref: 009FEB87
                                                                • CloseClipboard.USER32 ref: 009FEB91
                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 009FEBBC
                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 009FEBC9
                                                                • GetClipboardData.USER32(00000001), ref: 009FEBD1
                                                                • GlobalLock.KERNEL32(00000000), ref: 009FEBE2
                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 009FEC22
                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 009FEC38
                                                                • GetClipboardData.USER32(0000000F), ref: 009FEC44
                                                                • GlobalLock.KERNEL32(00000000), ref: 009FEC55
                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 009FEC77
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 009FEC94
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 009FECD2
                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 009FECF3
                                                                • CountClipboardFormats.USER32 ref: 009FED14
                                                                • CloseClipboard.USER32 ref: 009FED59
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                • String ID:
                                                                • API String ID: 420908878-0
                                                                • Opcode ID: fad412407564933f58c26ef99709fdf29fdb71fbe68ed1c12ffb9f9e92c77db1
                                                                • Instruction ID: 1b1ca7b5c2df06c5254c94f4c96db57b9228eef9b8becc80ed5be88fd14a4a16
                                                                • Opcode Fuzzy Hash: fad412407564933f58c26ef99709fdf29fdb71fbe68ed1c12ffb9f9e92c77db1
                                                                • Instruction Fuzzy Hash: CB61CF34244305AFD300EF64D888FBA77A8AF84724F188559F596972B2DB31DD46CB62
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 009F69BE
                                                                • FindClose.KERNEL32(00000000), ref: 009F6A12
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 009F6A4E
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 009F6A75
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 009F6AB2
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 009F6ADF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                • API String ID: 3830820486-3289030164
                                                                • Opcode ID: 9a7995fd0c021e7a62df787a374a4fa0acefc4ff342b0310c690542db927788e
                                                                • Instruction ID: b5bef4f45f0b1e4ec6d40a323e403090bef8cdcf6a9ea0e955b8f60599955686
                                                                • Opcode Fuzzy Hash: 9a7995fd0c021e7a62df787a374a4fa0acefc4ff342b0310c690542db927788e
                                                                • Instruction Fuzzy Hash: 0CD14EB2508304AEC710EFA4D991EBBB7ECAF98704F04491DF589D6291EB74DA44CB62
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 009F9663
                                                                • GetFileAttributesW.KERNEL32(?), ref: 009F96A1
                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 009F96BB
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 009F96D3
                                                                • FindClose.KERNEL32(00000000), ref: 009F96DE
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 009F96FA
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F974A
                                                                • SetCurrentDirectoryW.KERNEL32(00A46B7C), ref: 009F9768
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 009F9772
                                                                • FindClose.KERNEL32(00000000), ref: 009F977F
                                                                • FindClose.KERNEL32(00000000), ref: 009F978F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                • String ID: *.*
                                                                • API String ID: 1409584000-438819550
                                                                • Opcode ID: 47fac364245d4efe0eb7c2b3e2067b468dfa7bd9c431db4124b85a9ef9b31269
                                                                • Instruction ID: d2afa46118386d5842fdfad62bb90abccaf32f258c4cab3bc2abbc651f8fc8d8
                                                                • Opcode Fuzzy Hash: 47fac364245d4efe0eb7c2b3e2067b468dfa7bd9c431db4124b85a9ef9b31269
                                                                • Instruction Fuzzy Hash: 6531BE3668061D7BDB10EFB4DC08BEE77ACAF49331F108556FA25E20A0EB34DA458B54
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 009F97BE
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 009F9819
                                                                • FindClose.KERNEL32(00000000), ref: 009F9824
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 009F9840
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F9890
                                                                • SetCurrentDirectoryW.KERNEL32(00A46B7C), ref: 009F98AE
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 009F98B8
                                                                • FindClose.KERNEL32(00000000), ref: 009F98C5
                                                                • FindClose.KERNEL32(00000000), ref: 009F98D5
                                                                  • Part of subcall function 009EDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 009EDB00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                • String ID: *.*
                                                                • API String ID: 2640511053-438819550
                                                                • Opcode ID: 52767a259a0767fb04b03579b77a9e7a262fd1c21e4e670a0c7570d5be5a564e
                                                                • Instruction ID: 5a013c9048e4385c520651e864208206b83a1f58efba9c0c15ea1501c0c44cb4
                                                                • Opcode Fuzzy Hash: 52767a259a0767fb04b03579b77a9e7a262fd1c21e4e670a0c7570d5be5a564e
                                                                • Instruction Fuzzy Hash: 9331923554061D7ADB10EFA4DC48BEE77ACAF46370F148555E924A2190DB70DE858B60
                                                                APIs
                                                                  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0BF3E
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00A0BFA9
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00A0BFCD
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00A0C02C
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00A0C0E7
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A0C154
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A0C1E9
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00A0C23A
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A0C2E3
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A0C382
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00A0C38F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                • String ID:
                                                                • API String ID: 3102970594-0
                                                                • Opcode ID: b9d234d0e5e5eefb7cf7f77877175929a5b2dc0ef25c24fcc6fa9fcf340fe42f
                                                                • Instruction ID: 1caf20382141574e707972217cc8904656ad70cc1a9ff0fab7519e601c382ba3
                                                                • Opcode Fuzzy Hash: b9d234d0e5e5eefb7cf7f77877175929a5b2dc0ef25c24fcc6fa9fcf340fe42f
                                                                • Instruction Fuzzy Hash: 40025C71604204AFD714DF28D895E2ABBE5EF89314F18C59DF84ACB2A2D731EC46CB52
                                                                APIs
                                                                • GetLocalTime.KERNEL32(?), ref: 009F8257
                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 009F8267
                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 009F8273
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 009F8310
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8324
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8356
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009F838C
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8395
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                • String ID: *.*
                                                                • API String ID: 1464919966-438819550
                                                                • Opcode ID: 761b1e5316684d30f62eea72f55c2fbe523b6eb04a601e46fb821829132a9c68
                                                                • Instruction ID: 61f850be3772329072a25edf183e4a1bf34625926c398fdaaf2e10422500f0db
                                                                • Opcode Fuzzy Hash: 761b1e5316684d30f62eea72f55c2fbe523b6eb04a601e46fb821829132a9c68
                                                                • Instruction Fuzzy Hash: EE615BB25083499FCB10EF64C840AAFB3E8FF89714F04891DFA9997251DB35E945CB92
                                                                APIs
                                                                  • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
                                                                  • Part of subcall function 009EE199: GetFileAttributesW.KERNEL32(?,009ECF95), ref: 009EE19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 009ED122
                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 009ED1DD
                                                                • MoveFileW.KERNEL32(?,?), ref: 009ED1F0
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 009ED20D
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 009ED237
                                                                  • Part of subcall function 009ED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,009ED21C,?,?), ref: 009ED2B2
                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 009ED253
                                                                • FindClose.KERNEL32(00000000), ref: 009ED264
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 1946585618-1173974218
                                                                • Opcode ID: d7d0c16dbc88b81ed00f1bd9278975e57200ca03eb13b82241ca5eb4563665be
                                                                • Instruction ID: fc0d859c3f5596cbc192058b0d86b6fba74b47f2284761bb74bc4d88b1be8e2a
                                                                • Opcode Fuzzy Hash: d7d0c16dbc88b81ed00f1bd9278975e57200ca03eb13b82241ca5eb4563665be
                                                                • Instruction Fuzzy Hash: 97613B3180614DABCF06FBE1CA52AFDB779AF95300F248165E41277291EB35AF09CB61
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                • String ID:
                                                                • API String ID: 1737998785-0
                                                                • Opcode ID: 2b6bca281e77385d0d50c35265b66065e401f8e3a6389816bd7944d975d99326
                                                                • Instruction ID: 58ba85d120d0ab93a53e7052bacae95d19885df95610905466e01ea04b53c95c
                                                                • Opcode Fuzzy Hash: 2b6bca281e77385d0d50c35265b66065e401f8e3a6389816bd7944d975d99326
                                                                • Instruction Fuzzy Hash: BC419F35604611AFE310DF55E848F69BBE9FF44328F14C499E5658B6B2C735EC42CB90
                                                                APIs
                                                                  • Part of subcall function 009E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 009E170D
                                                                  • Part of subcall function 009E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 009E173A
                                                                  • Part of subcall function 009E16C3: GetLastError.KERNEL32 ref: 009E174A
                                                                • ExitWindowsEx.USER32(?,00000000), ref: 009EE932
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                • API String ID: 2234035333-3163812486
                                                                • Opcode ID: 64c6a279782d40f6b5dd93c58e14eb8f2793cff46f41ad7eac102bcfddc17468
                                                                • Instruction ID: 28f6f8959552b6f84103c68e5311d8a1a15f609e4a7be9de33ae0270154ce445
                                                                • Opcode Fuzzy Hash: 64c6a279782d40f6b5dd93c58e14eb8f2793cff46f41ad7eac102bcfddc17468
                                                                • Instruction Fuzzy Hash: C7014972650251ABEB1662B69C86FFF72DCA708790F144821FC03E31D3E6B49C4481A0
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00A01276
                                                                • WSAGetLastError.WSOCK32 ref: 00A01283
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00A012BA
                                                                • WSAGetLastError.WSOCK32 ref: 00A012C5
                                                                • closesocket.WSOCK32(00000000), ref: 00A012F4
                                                                • listen.WSOCK32(00000000,00000005), ref: 00A01303
                                                                • WSAGetLastError.WSOCK32 ref: 00A0130D
                                                                • closesocket.WSOCK32(00000000), ref: 00A0133C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                • String ID:
                                                                • API String ID: 540024437-0
                                                                • Opcode ID: 20822531e79c8fdfc4ecfd778e28a340cabecaa48b81d2d5b198792db2bea879
                                                                • Instruction ID: b156730e1f2438357b20b814dc2b0175e18c103e8637b36d4aa1cf65ea985975
                                                                • Opcode Fuzzy Hash: 20822531e79c8fdfc4ecfd778e28a340cabecaa48b81d2d5b198792db2bea879
                                                                • Instruction Fuzzy Hash: 44416171A001049FD710DF64D484BA9BBE5AF8A328F188198E8569F2D2C771ED82CBE1
                                                                APIs
                                                                • _free.LIBCMT ref: 009BB9D4
                                                                • _free.LIBCMT ref: 009BB9F8
                                                                • _free.LIBCMT ref: 009BBB7F
                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00A23700), ref: 009BBB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00A5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 009BBC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00A51270,000000FF,?,0000003F,00000000,?), ref: 009BBC36
                                                                • _free.LIBCMT ref: 009BBD4B
                                                                Similarity
                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                • String ID:
                                                                • API String ID: 314583886-0
                                                                • Opcode ID: 8d1a414a07a08713631387cc5b927c5d67b256e24b85cbf536a31f7852781719
                                                                • Instruction ID: 080ea690ac76038425beeae61de5d61dcae7349f8d34967d0e2e56cd9eb21b87
                                                                • Opcode Fuzzy Hash: 8d1a414a07a08713631387cc5b927c5d67b256e24b85cbf536a31f7852781719
                                                                • Instruction Fuzzy Hash: DAC1E471904205AEDB20DF69CE51BEEBBECEF81330F1445AAE494972D1EBB09E42C750
                                                                APIs
                                                                  • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
                                                                  • Part of subcall function 009EE199: GetFileAttributesW.KERNEL32(?,009ECF95), ref: 009EE19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 009ED420
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 009ED470
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 009ED481
                                                                • FindClose.KERNEL32(00000000), ref: 009ED498
                                                                • FindClose.KERNEL32(00000000), ref: 009ED4A1
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 2649000838-1173974218
                                                                • Opcode ID: 4836b4977d9979cb26766df3d333865138da2806662b18542be7dee94f491915
                                                                • Instruction ID: 3eb4008e75c4162c7ed8d7f56e46e75b0f395c44249bfb2a9df6af9a4a3e6d7d
                                                                • Opcode Fuzzy Hash: 4836b4977d9979cb26766df3d333865138da2806662b18542be7dee94f491915
                                                                • Instruction Fuzzy Hash: 95314F710093859FC305FF64D8919AFB7A8AEE5314F448A1EF4D1522E1FB35AE098763
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: __floor_pentium4
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 4168288129-2761157908
                                                                • Opcode ID: 3178a6b6dca99dabbb24f07e23ff44aa9f0e88817b4f06eb187c6ff645702daa
                                                                • Instruction ID: e40e6341e13223f4ecc4e4afc9c95d0fede2666e839a7a762a3cc9fc49d406df
                                                                • Opcode Fuzzy Hash: 3178a6b6dca99dabbb24f07e23ff44aa9f0e88817b4f06eb187c6ff645702daa
                                                                • Instruction Fuzzy Hash: 43C25C71E046288FDB25CF28DE507EAB7B9EB85314F1445EAD44DE7241E778AE818F40
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 009F64DC
                                                                • CoInitialize.OLE32(00000000), ref: 009F6639
                                                                • CoCreateInstance.OLE32(00A1FCF8,00000000,00000001,00A1FB68,?), ref: 009F6650
                                                                • CoUninitialize.OLE32 ref: 009F68D4
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 886957087-24824748
                                                                • Opcode ID: a812dd594d154f608c609563f67f806fbf3daf4117d72ecbab943f8f583d1f92
                                                                • Instruction ID: f24aa4de5dee947509c7ed0c7613113d94649349e730deb5700ff0884b797ea4
                                                                • Opcode Fuzzy Hash: a812dd594d154f608c609563f67f806fbf3daf4117d72ecbab943f8f583d1f92
                                                                • Instruction Fuzzy Hash: 37D14771508305AFD304EF24C881A6BB7E8FFD8704F14496DF5959B2A1EB71E909CBA2
                                                                APIs
                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 00A022E8
                                                                  • Part of subcall function 009FE4EC: GetWindowRect.USER32(?,?), ref: 009FE504
                                                                • GetDesktopWindow.USER32 ref: 00A02312
                                                                • GetWindowRect.USER32(00000000), ref: 00A02319
                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00A02355
                                                                • GetCursorPos.USER32(?), ref: 00A02381
                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00A023DF
                                                                Similarity
                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                • String ID:
                                                                • API String ID: 2387181109-0
                                                                • Opcode ID: f4589c0cfb366630386baa2a4d65320a4ede1faf619d9f4520c070797f357885
                                                                • Instruction ID: 9c1d843e177fc0f13dca1bc2474789fc8d2b6c7d197f10242caca0825a558a11
                                                                • Opcode Fuzzy Hash: f4589c0cfb366630386baa2a4d65320a4ede1faf619d9f4520c070797f357885
                                                                • Instruction Fuzzy Hash: 77310072144309AFC720DF54D848B9BBBEAFF84720F004919F9949B191DB34EA09CB92
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 009F9B78
                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 009F9C8B
                                                                  • Part of subcall function 009F3874: GetInputState.USER32 ref: 009F38CB
                                                                  • Part of subcall function 009F3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009F3966
                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 009F9BA8
                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 009F9C75
                                                                Strings
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                • String ID: *.*
                                                                • API String ID: 1972594611-438819550
                                                                • Opcode ID: a6042b7cbe9942dc3f9e55f5d950c88f3576a3168aa88ba9b4ab4cb560a3f5a2
                                                                • Instruction ID: 005b2b8fe4840af436a0d953e47155a1843974b9bb012cd9fb7434fbf9ebd1c3
                                                                • Opcode Fuzzy Hash: a6042b7cbe9942dc3f9e55f5d950c88f3576a3168aa88ba9b4ab4cb560a3f5a2
                                                                • Instruction Fuzzy Hash: B441617194420EAFCF14EFA4C845BFE7BB8EF45311F148156E959A2291EB309E85CF60
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00999A4E
                                                                • GetSysColor.USER32(0000000F), ref: 00999B23
                                                                • SetBkColor.GDI32(?,00000000), ref: 00999B36
                                                                Similarity
                                                                • API ID: Color$LongProcWindow
                                                                • String ID:
                                                                • API String ID: 3131106179-0
                                                                • Opcode ID: d55eb680deb26687ec5b3d5adcf665e260830df5820aa152782ebf17c942ff7b
                                                                • Instruction ID: 687d6db51d23725e2337327d944a05e8ca5b0b7e2b9134cf6a1617bc50e7345f
                                                                • Opcode Fuzzy Hash: d55eb680deb26687ec5b3d5adcf665e260830df5820aa152782ebf17c942ff7b
                                                                • Instruction Fuzzy Hash: DBA12970149504BFEF28DABC8C98FBF669DEB86350F14860EF402D6691DA29DD41D272
                                                                APIs
                                                                  • Part of subcall function 00A0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A0307A
                                                                  • Part of subcall function 00A0304E: _wcslen.LIBCMT ref: 00A0309B
                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00A0185D
                                                                • WSAGetLastError.WSOCK32 ref: 00A01884
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00A018DB
                                                                • WSAGetLastError.WSOCK32 ref: 00A018E6
                                                                • closesocket.WSOCK32(00000000), ref: 00A01915
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 1601658205-0
                                                                • Opcode ID: fedf23f35654e826a764ce0c4d461d757e8122dbe0a09ceed7e13790dd09f20d
                                                                • Instruction ID: 20eb5b58ad12015abd7c8d47d7c5050cb729c8f478fc71b683dbf1154d0f4c1f
                                                                • Opcode Fuzzy Hash: fedf23f35654e826a764ce0c4d461d757e8122dbe0a09ceed7e13790dd09f20d
                                                                • Instruction Fuzzy Hash: 9951A271A00200AFEB10EF64D886F6A77E5AB84718F18C498FA159F3D3D771AD41CBA1
                                                                APIs
                                                                Similarity
                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                • String ID:
                                                                • API String ID: 292994002-0
                                                                • Opcode ID: d8f3e3bfb08eaad5f4364efcd678084393a3cdb9c1bd1a900befa3c77c839730
                                                                • Instruction ID: 4a080e7a5703d0020b35df091b147e6cf9d992db20207ec34b22771a6644831f
                                                                • Opcode Fuzzy Hash: d8f3e3bfb08eaad5f4364efcd678084393a3cdb9c1bd1a900befa3c77c839730
                                                                • Instruction Fuzzy Hash: 3521B5317802115FD7209F2AD884FAA7BE5EF85364F198058E946CB351DB71DC82CBD4
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                • API String ID: 0-1546025612
                                                                • Opcode ID: 9fcb68debc02c3750969d49dbe6bcf00725382215995be933319fb75302f1ddf
                                                                • Instruction ID: ec271effbd8fc9756521eae906730df968b335cecc51bebfa5fd66338cfe5909
                                                                • Opcode Fuzzy Hash: 9fcb68debc02c3750969d49dbe6bcf00725382215995be933319fb75302f1ddf
                                                                • Instruction Fuzzy Hash: 38A2A371E0021ACBDF24DF58C840BAEB7B5BF54310F6585AAE815A7385EB34AD81CF61
                                                                APIs
                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 009EAAAC
                                                                • SetKeyboardState.USER32(00000080), ref: 009EAAC8
                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 009EAB36
                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 009EAB88
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                • Opcode ID: 794ae3eb13ca35d738b85be6815f7fd1373785b6f314463831e38b654d42a972
                                                                • Instruction ID: 3159848e0f3555381d2002f5acb8c58092440e24524d749a3e9ed482b1cd2725
                                                                • Opcode Fuzzy Hash: 794ae3eb13ca35d738b85be6815f7fd1373785b6f314463831e38b654d42a972
                                                                • Instruction Fuzzy Hash: 98311C30A40288AEFB36CA66CC05BFA77ABAB54320F0C421AF191961F1D374AD85C752
                                                                APIs
                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 009FCE89
                                                                • GetLastError.KERNEL32(?,00000000), ref: 009FCEEA
                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 009FCEFE
                                                                Similarity
                                                                • API ID: ErrorEventFileInternetLastRead
                                                                • String ID:
                                                                • API String ID: 234945975-0
                                                                • Opcode ID: 93c440dde67015be1fc2fe5c12d59a856ca153c86302badbaee2f4c3063d1b68
                                                                • Instruction ID: 3526e9861fbefeeba35125a51ab3b53032b7cd5c91dbf1e41cc6a6f9dda814b9
                                                                • Opcode Fuzzy Hash: 93c440dde67015be1fc2fe5c12d59a856ca153c86302badbaee2f4c3063d1b68
                                                                • Instruction Fuzzy Hash: B921BDB154030DABDB20DFA5CA48BB6B7FCEF40354F10882EE646D2151E774EE058BA4
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 009E82AA
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: ($|
                                                                • API String ID: 1659193697-1631851259
                                                                • Opcode ID: 46b65c6f33ac9ff8b38cef34559333957757beef95a45ad2867b5ee33eb70f6b
                                                                • Instruction ID: 9dbde40b4db1058d3f2fee50dfefa6ddf2869e2151b741b453d413b054d225ae
                                                                • Opcode Fuzzy Hash: 46b65c6f33ac9ff8b38cef34559333957757beef95a45ad2867b5ee33eb70f6b
                                                                • Instruction Fuzzy Hash: 9B323575A007459FCB29CF5AC481A6AB7F0FF48710B15C56EE49ADB3A1EB70E941CB40
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 009F5CC1
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 009F5D17
                                                                • FindClose.KERNEL32(?), ref: 009F5D5F
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                • Opcode ID: 6c0c564d11f1625f11f5344513fc3ab56d763fc4866626ce27d698d2a2cd6fe9
                                                                • Instruction ID: acf38d53bec854ab4c45fc72113d6c739368baea9b56a8d74d313158dd537868
                                                                • Opcode Fuzzy Hash: 6c0c564d11f1625f11f5344513fc3ab56d763fc4866626ce27d698d2a2cd6fe9
                                                                • Instruction Fuzzy Hash: 6951BC74604A059FC714DF28C494EA6B7E8FF4A324F15855DEAAA8B3A1DB30EC05CF91
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 009B271A
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009B2724
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 009B2731
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID:
                                                                • API String ID: 3906539128-0
                                                                • Opcode ID: 8ba52bad7979d20cdd48123285e0ef5abd01c7e2b8591b4f7a1236dec841f49f
                                                                • Instruction ID: 5faf50c0785520b9c8b9b3e75b4b5630e667aff777cb4117f097ba8d24b5ed5d
                                                                • Opcode Fuzzy Hash: 8ba52bad7979d20cdd48123285e0ef5abd01c7e2b8591b4f7a1236dec841f49f
                                                                • Instruction Fuzzy Hash: 5431D5749412189BCB21DF68DD897DCB7B8EF48320F5041EAE41CA7260EB309F818F84
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 009F51DA
                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 009F5238
                                                                • SetErrorMode.KERNEL32(00000000), ref: 009F52A1
                                                                Similarity
                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                • String ID:
                                                                • API String ID: 1682464887-0
                                                                • Opcode ID: fadab8b5add0ef56bf10caf51c8e93142e030178088f77a8e8bdb0390aadccd3
                                                                • Instruction ID: 244b04cb8c2b204da4caa19df6a83178826bdb6b4cbd28b8094c0c9ee108be8f
                                                                • Opcode Fuzzy Hash: fadab8b5add0ef56bf10caf51c8e93142e030178088f77a8e8bdb0390aadccd3
                                                                • Instruction Fuzzy Hash: 63314D75A005189FDB00DF94D884FEDBBB4FF49318F098199E905AB362DB31E856CBA0
                                                                APIs
                                                                  • Part of subcall function 0099FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 009A0668
                                                                  • Part of subcall function 0099FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 009A0685
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 009E170D
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 009E173A
                                                                • GetLastError.KERNEL32 ref: 009E174A
                                                                Similarity
                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                • String ID:
                                                                • API String ID: 577356006-0
                                                                • Opcode ID: c2af17970cc058e2aaaefbaa9217b6ae0713e3f045ad0c6c7050ec901e12d47b
                                                                • Instruction ID: 2196d0b25f00810fb556aa61d57c482535158e127476e6f2e252759a41cf4d5c
                                                                • Opcode Fuzzy Hash: c2af17970cc058e2aaaefbaa9217b6ae0713e3f045ad0c6c7050ec901e12d47b
                                                                • Instruction Fuzzy Hash: EC1191B2414305AFD718DF54DC86EAAB7BDEB48B24B20852EE05697681EB71BC41CA24
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 009ED608
                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 009ED645
                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 009ED650
                                                                Similarity
                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                • String ID:
                                                                • API String ID: 33631002-0
                                                                • Opcode ID: 9dd52c28d43539317d0d67db154463842ef82b2699f05b262703f9f7be91c1a7
                                                                • Instruction ID: 711d4dab008f971491603637caba280dc1dc81a4a64debb3575c4d9a75ec14ec
                                                                • Opcode Fuzzy Hash: 9dd52c28d43539317d0d67db154463842ef82b2699f05b262703f9f7be91c1a7
                                                                • Instruction Fuzzy Hash: 27117C71E41228BBDB108F959C44FEFBBBCEB45B60F108111F914E7290C2704A018BA1
                                                                APIs
                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 009E168C
                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 009E16A1
                                                                • FreeSid.ADVAPI32(?), ref: 009E16B1
                                                                Similarity
                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                • String ID:
                                                                • API String ID: 3429775523-0
                                                                • Opcode ID: ceb697ad8f6cd2f36e8fba144e0f0946a37d1f83d5646420da12dcd5b6ab3b82
                                                                • Instruction ID: b9cb9fc704ec4b73e5196bcc0de1719978f5a4cb3fc8a88f2e8976acfa3e21f1
                                                                • Opcode Fuzzy Hash: ceb697ad8f6cd2f36e8fba144e0f0946a37d1f83d5646420da12dcd5b6ab3b82
                                                                • Instruction Fuzzy Hash: BFF0F471990309FBDB00DFE49C89EAEBBBCEB08614F508565E501E2181E774AA448A50
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: /
                                                                • API String ID: 0-2043925204
                                                                • Opcode ID: e5964a2a114593d48d6700ef5b2ed88c757c986950b3bcbe268f536bf7aa1809
                                                                • Instruction ID: 3a8de1a91a917e655f1a9549b25a6412d5374105f63bcf1f64c7683734bd9840
                                                                • Opcode Fuzzy Hash: e5964a2a114593d48d6700ef5b2ed88c757c986950b3bcbe268f536bf7aa1809
                                                                • Instruction Fuzzy Hash: B04136B6900219ABCB209FB9CD88EFB77BCEBC4324F504269F915D7180E670DE818B50
                                                                APIs
                                                                • GetUserNameW.ADVAPI32(?,?), ref: 009DD28C
                                                                Strings
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID: X64
                                                                • API String ID: 2645101109-893830106
                                                                • Opcode ID: f1200cf39c883e5e16e3d8b9eb388311842f0e9bb7ef247dfec48b24b02ea5f4
                                                                • Instruction ID: a3b068836e5c55bffcf7196f8fc2afe7dfa01b64c80b40e07a17dec0d5f719cb
                                                                • Opcode Fuzzy Hash: f1200cf39c883e5e16e3d8b9eb388311842f0e9bb7ef247dfec48b24b02ea5f4
                                                                • Instruction Fuzzy Hash: 85D0C9B484212DEACF94CB90DCC8DD9B37CBB04345F104552F146B2100D73495498F20
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 009F6918
                                                                • FindClose.KERNEL32(00000000), ref: 009F6961
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                APIs
                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00A04891,?,?,00000035,?), ref: 009F37E4
                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00A04891,?,?,00000035,?), ref: 009F37F4
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID:
                                                                • API String ID: 3479602957-0
                                                                APIs
                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 009EB25D
                                                                • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 009EB270
                                                                Similarity
                                                                • API ID: InputSendkeybd_event
                                                                • String ID:
                                                                • API String ID: 3536248340-0
                                                                APIs
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009E11FC), ref: 009E10D4
                                                                • CloseHandle.KERNEL32(?,?,009E11FC), ref: 009E10E9
                                                                Similarity
                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                • String ID:
                                                                • API String ID: 81990902-0
                                                                Strings
                                                                • Variable is not of type 'Object'., xrefs: 009D0C40
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Variable is not of type 'Object'.
                                                                • API String ID: 0-1840281001
                                                                APIs
                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009B6766,?,?,00000008,?,?,009BFEFE,00000000), ref: 009B6998
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID:
                                                                • API String ID: 3997070919-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                APIs
                                                                • BlockInput.USER32(00000001), ref: 009FEABD
                                                                Similarity
                                                                • API ID: BlockInput
                                                                • String ID:
                                                                • API String ID: 3456056419-0
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,009A03EE), ref: 009A09DA
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 169a3da034673c5ebd24bc356a856f38537b8cdb12ab66790735fabf2afb2ca4
                                                                • Instruction ID: aca6331fb5bab3d980870478c845fd1acdf14f666cde8fb26ec67455ec5de2da
                                                                • Opcode Fuzzy Hash: 169a3da034673c5ebd24bc356a856f38537b8cdb12ab66790735fabf2afb2ca4
                                                                • Instruction Fuzzy Hash: C30281B1E0020AEBDF04DF54D881BAEB7B5FF84300F148569E8169B391EB35AE51CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5f356b4e052dc7c42f1bf61b2962ceac6710de5a30d98c60e8b797f313fde6c1
                                                                • Instruction ID: 1b3a1071470d6215ad766fb7404302d2574fdf6e8a88a1733337b0cc1df04f2a
                                                                • Opcode Fuzzy Hash: 5f356b4e052dc7c42f1bf61b2962ceac6710de5a30d98c60e8b797f313fde6c1
                                                                • Instruction Fuzzy Hash: FDB10221D2AF414DC723D6398831336B65CAFBB6D5F91D72BFC2678D22EB2686834140
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction ID: 12ba86c54e4001be7f6d5b0b390a3f21670d8f6e383c4d21725ddafa5ba1ec42
                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction Fuzzy Hash: 0E9165722080E34ADB2D463E857403EFFE59A933B1B1A0B9ED4F2CA1C5FE24C954D660
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction ID: 7ba9972bfec8a8e9d337179871fbc0513d864bf542e73839212df1312b41519c
                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction Fuzzy Hash: B391337220D0E34EDB69473D857403EFFE59A933A171A079EE4F2CA1C5EE248954E6A0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction ID: 5234610e07a2399ee0ccbdaf49f87d88c98fa870e1615e4f66c121673aab4538
                                                                • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction Fuzzy Hash: AA91B2322090A34EDB2D427A857403EFFF95A933B2B1A079ED4F2CA1C5FE24C564D660
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cce7e308a26ed1cefe69abd711f5f3a0a1ffc338f9c58f75ed1890d7aade6137
                                                                • Instruction ID: 5c6e32b0d67c2296adee997b3da0d0a37a1788db8cff56a9c0338885234c5be5
                                                                • Opcode Fuzzy Hash: cce7e308a26ed1cefe69abd711f5f3a0a1ffc338f9c58f75ed1890d7aade6137
                                                                • Instruction Fuzzy Hash: 1E6139B160870966DE349AE88D97BBFF39CDF83710F140D19E882DB281DA159E4283E5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 602fa21d47bc1a734185e6adb1990ce9f31b30cf76068d9a7ca6f159d945241f
                                                                • Instruction ID: 3c99b57b3f95bed0b5b6c5b895ea2cc8f44e6e56dedb9b66cc106f53498fd4a3
                                                                • Opcode Fuzzy Hash: 602fa21d47bc1a734185e6adb1990ce9f31b30cf76068d9a7ca6f159d945241f
                                                                • Instruction Fuzzy Hash: 8F61783160870966DE384AE84C67BBFE39CEF83700F200D59E843CB2D1EA169D42C2D5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction ID: 6be32cefebf9a669989ea5075a5c45744ac66d2ae5e5671281891e3d69e4563b
                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction Fuzzy Hash: B08187776090A30EDB6D423E853443EFFE55A933A1B1A079ED4F2CB1C1EE28C554E6A0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bd6a01079ac20f018c1ed97dc08f8b9f8c34732ff98459d1dcd73203ada8b228
                                                                • Instruction ID: 6153cdae0ca99b331ab0b138bbbd601b8f0785471e84a6672b7ad7a3a9e08ab6
                                                                • Opcode Fuzzy Hash: bd6a01079ac20f018c1ed97dc08f8b9f8c34732ff98459d1dcd73203ada8b228
                                                                • Instruction Fuzzy Hash: 9321A8326206158BDB28CF79C81277A73E9B754310F19862EE4A7C37D0DE35A904C780
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00A02B30
                                                                • DeleteObject.GDI32(00000000), ref: 00A02B43
                                                                • DestroyWindow.USER32 ref: 00A02B52
                                                                • GetDesktopWindow.USER32 ref: 00A02B6D
                                                                • GetWindowRect.USER32(00000000), ref: 00A02B74
                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00A02CA3
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00A02CB1
                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02CF8
                                                                • GetClientRect.USER32(00000000,?), ref: 00A02D04
                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00A02D40
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D62
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D75
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D80
                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D89
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D98
                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02DA1
                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02DA8
                                                                • GlobalFree.KERNEL32(00000000), ref: 00A02DB3
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02DC5
                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00A1FC38,00000000), ref: 00A02DDB
                                                                • GlobalFree.KERNEL32(00000000), ref: 00A02DEB
                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00A02E11
                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00A02E30
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02E52
                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A0303F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                • API String ID: 2211948467-2373415609
                                                                APIs
                                                                • SetTextColor.GDI32(?,00000000), ref: 00A1712F
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A17160
                                                                • GetSysColor.USER32(0000000F), ref: 00A1716C
                                                                • SetBkColor.GDI32(?,000000FF), ref: 00A17186
                                                                • SelectObject.GDI32(?,?), ref: 00A17195
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00A171C0
                                                                • GetSysColor.USER32(00000010), ref: 00A171C8
                                                                • CreateSolidBrush.GDI32(00000000), ref: 00A171CF
                                                                • FrameRect.USER32(?,?,00000000), ref: 00A171DE
                                                                • DeleteObject.GDI32(00000000), ref: 00A171E5
                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00A17230
                                                                • FillRect.USER32(?,?,?), ref: 00A17262
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A17284
                                                                  • Part of subcall function 00A173E8: GetSysColor.USER32(00000012), ref: 00A17421
                                                                  • Part of subcall function 00A173E8: SetTextColor.GDI32(?,?), ref: 00A17425
                                                                  • Part of subcall function 00A173E8: GetSysColorBrush.USER32(0000000F), ref: 00A1743B
                                                                  • Part of subcall function 00A173E8: GetSysColor.USER32(0000000F), ref: 00A17446
                                                                  • Part of subcall function 00A173E8: GetSysColor.USER32(00000011), ref: 00A17463
                                                                  • Part of subcall function 00A173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A17471
                                                                  • Part of subcall function 00A173E8: SelectObject.GDI32(?,00000000), ref: 00A17482
                                                                  • Part of subcall function 00A173E8: SetBkColor.GDI32(?,00000000), ref: 00A1748B
                                                                  • Part of subcall function 00A173E8: SelectObject.GDI32(?,?), ref: 00A17498
                                                                  • Part of subcall function 00A173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00A174B7
                                                                  • Part of subcall function 00A173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A174CE
                                                                  • Part of subcall function 00A173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00A174DB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                • String ID:
                                                                • API String ID: 4124339563-0
                                                                • Opcode ID: a670b670ed179ea293ae4ecbc94dfdcbf56a7eb2dbfcd5411c73a87278072606
                                                                • Instruction ID: 3e526358c7c758e4d17de72caf896cf69b56a2eab741ba1bac56109b4e70e91a
                                                                • Opcode Fuzzy Hash: a670b670ed179ea293ae4ecbc94dfdcbf56a7eb2dbfcd5411c73a87278072606
                                                                • Instruction Fuzzy Hash: 60A17F72088301BFD701DFA4DC48A9E7BBAFB49330F105B19F962961A1D771E9468B51
                                                                APIs
                                                                • DestroyWindow.USER32(?,?), ref: 00998E14
                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 009D6AC5
                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 009D6AFE
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 009D6F43
                                                                  • Part of subcall function 00998F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00998BE8,?,00000000,?,?,?,?,00998BBA,00000000,?), ref: 00998FC5
                                                                • SendMessageW.USER32(?,00001053), ref: 009D6F7F
                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 009D6F96
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 009D6FAC
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 009D6FB7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                 • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                • String ID: 0
                                                                • API String ID: 2760611726-4108050209
                                                                • Opcode ID: c9c5642d2573558c33c166c10a4f3f0a6f50c2f7ae3d84e94eab8b202327e918
                                                                • Instruction ID: a99e3c60529f6b6535fd02e1ed5296407f0a49c739937e5c85c41db059deb185
                                                                • Opcode Fuzzy Hash: c9c5642d2573558c33c166c10a4f3f0a6f50c2f7ae3d84e94eab8b202327e918
                                                                • Instruction Fuzzy Hash: F312BD30244211DFDB25DF68D854BBAB7E9FB49310F14846EF4998B261CB35EC92CB91
                                                                APIs
                                                                • DestroyWindow.USER32(00000000), ref: 00A0273E
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A0286A
                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00A028A9
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00A028B9
                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00A02900
                                                                • GetClientRect.USER32(00000000,?), ref: 00A0290C
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00A02955
                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00A02964
                                                                • GetStockObject.GDI32(00000011), ref: 00A02974
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A02978
                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00A02988
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A02991
                                                                • DeleteDC.GDI32(00000000), ref: 00A0299A
                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00A029C6
                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00A029DD
                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00A02A1D
                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00A02A31
                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00A02A42
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00A02A77
                                                                • GetStockObject.GDI32(00000011), ref: 00A02A82
                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00A02A8D
                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00A02A97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                 • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                • API String ID: 2910397461-517079104
                                                                • Opcode ID: 895242c2b9885ec98663178fc4c42c8acce3e3c69ff369d2a56579a48ea6219e
                                                                • Instruction ID: 8475ba6bc890c3d0e2f8b696d1ba927ca2fec67f95b48c2b6aa8f0cd5005c9f7
                                                                • Opcode Fuzzy Hash: 895242c2b9885ec98663178fc4c42c8acce3e3c69ff369d2a56579a48ea6219e
                                                                • Instruction Fuzzy Hash: E2B15A71A40219AFEB14DFA8DC49FAE7BA9FB48721F008514F914EB2D0D770AD41CBA4
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 009F4AED
                                                                • GetDriveTypeW.KERNEL32(?,00A1CB68,?,\\.\,00A1CC08), ref: 009F4BCA
                                                                • SetErrorMode.KERNEL32(00000000,00A1CB68,?,\\.\,00A1CC08), ref: 009F4D36
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                 • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorMode$DriveType
                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                • API String ID: 2907320926-4222207086
                                                                • Opcode ID: 04121d1343306255866a21e0c1d1bf5b6c78dc268aaca7d97f59dfd09e5dff66
                                                                • Instruction ID: 0202261d857d61894efe601e322b6714125f5cff5ac6a98b6b92bca922140fbb
                                                                • Opcode Fuzzy Hash: 04121d1343306255866a21e0c1d1bf5b6c78dc268aaca7d97f59dfd09e5dff66
                                                                • Instruction Fuzzy Hash: 4161F63460520DEBCB04EF24C981EFE77B4BB85710B249815F946AB292DB39ED41DB52
                                                                APIs
                                                                • GetSysColor.USER32(00000012), ref: 00A17421
                                                                • SetTextColor.GDI32(?,?), ref: 00A17425
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00A1743B
                                                                • GetSysColor.USER32(0000000F), ref: 00A17446
                                                                • CreateSolidBrush.GDI32(?), ref: 00A1744B
                                                                • GetSysColor.USER32(00000011), ref: 00A17463
                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A17471
                                                                • SelectObject.GDI32(?,00000000), ref: 00A17482
                                                                • SetBkColor.GDI32(?,00000000), ref: 00A1748B
                                                                • SelectObject.GDI32(?,?), ref: 00A17498
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00A174B7
                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A174CE
                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00A174DB
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A1752A
                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00A17554
                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00A17572
                                                                • DrawFocusRect.USER32(?,?), ref: 00A1757D
                                                                • GetSysColor.USER32(00000011), ref: 00A1758E
                                                                • SetTextColor.GDI32(?,00000000), ref: 00A17596
                                                                • DrawTextW.USER32(?,00A170F5,000000FF,?,00000000), ref: 00A175A8
                                                                • SelectObject.GDI32(?,?), ref: 00A175BF
                                                                • DeleteObject.GDI32(?), ref: 00A175CA
                                                                • SelectObject.GDI32(?,?), ref: 00A175D0
                                                                • DeleteObject.GDI32(?), ref: 00A175D5
                                                                • SetTextColor.GDI32(?,?), ref: 00A175DB
                                                                • SetBkColor.GDI32(?,?), ref: 00A175E5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                 • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                • String ID:
                                                                • API String ID: 1996641542-0
                                                                • Opcode ID: 685c12af1a566151c0cef41637fc01d387c39528986208808a26f0068fe39c4c
                                                                • Instruction ID: afadafa78720fe52942a591abd9ac6e5cbebd819d7f6fa43c9d996b43fb188fb
                                                                • Opcode Fuzzy Hash: 685c12af1a566151c0cef41637fc01d387c39528986208808a26f0068fe39c4c
                                                                • Instruction Fuzzy Hash: 15616C76940218BFDF01DFA4DC49AEEBFB9EB08330F109215F911AB2A1D7749981CB90
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00A11128
                                                                • GetDesktopWindow.USER32 ref: 00A1113D
                                                                • GetWindowRect.USER32(00000000), ref: 00A11144
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A11199
                                                                • DestroyWindow.USER32(?), ref: 00A111B9
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A111ED
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A1120B
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A1121D
                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00A11232
                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00A11245
                                                                • IsWindowVisible.USER32(00000000), ref: 00A112A1
                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00A112BC
                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00A112D0
                                                                • GetWindowRect.USER32(00000000,?), ref: 00A112E8
                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00A1130E
                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00A11328
                                                                • CopyRect.USER32(?,?), ref: 00A1133F
                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00A113AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                 • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                • String ID: ($0$tooltips_class32
                                                                • API String ID: 698492251-4156429822
                                                                • Opcode ID: 32cf4b955392a341776d9c5930525657ffcfc6e7fa1943127fd7eec8c4dc9b0b
                                                                • Instruction ID: 1f6f4b78646a36d563a6bb60282cc1b22c1e849235714f0172847b09d009ed08
                                                                • Opcode Fuzzy Hash: 32cf4b955392a341776d9c5930525657ffcfc6e7fa1943127fd7eec8c4dc9b0b
                                                                • Instruction Fuzzy Hash: D1B18B71608341AFD700DF64C884BAAFBE4FF88750F00891CFA999B2A1D771E885CB91
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 00A102E5
                                                                • _wcslen.LIBCMT ref: 00A1031F
                                                                • _wcslen.LIBCMT ref: 00A10389
                                                                • _wcslen.LIBCMT ref: 00A103F1
                                                                • _wcslen.LIBCMT ref: 00A10475
                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00A104C5
                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A10504
                                                                  • Part of subcall function 0099F9F2: _wcslen.LIBCMT ref: 0099F9FD
                                                                  • Part of subcall function 009E223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 009E2258
                                                                  • Part of subcall function 009E223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 009E228A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                 • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                • API String ID: 1103490817-719923060
                                                                • Opcode ID: 5adc840fa7909a897f1901ebe4075d79a8de29b23023f17b543e484a892a5576
                                                                • Instruction ID: 3c7c5d08885ff7957f83ce315a285b3b575ae5ebc3886c17e3a637f7780394af
                                                                • Opcode Fuzzy Hash: 5adc840fa7909a897f1901ebe4075d79a8de29b23023f17b543e484a892a5576
                                                                • Instruction Fuzzy Hash: 90E1AD312082418FC714EF24C590DAEB7E6BFC8714B14895DF8A69B3A1DB70ED85CB91
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00998968
                                                                • GetSystemMetrics.USER32(00000007), ref: 00998970
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0099899B
                                                                • GetSystemMetrics.USER32(00000008), ref: 009989A3
                                                                • GetSystemMetrics.USER32(00000004), ref: 009989C8
                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 009989E5
                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 009989F5
                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00998A28
                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00998A3C
                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00998A5A
                                                                • GetStockObject.GDI32(00000011), ref: 00998A76
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00998A81
                                                                  • Part of subcall function 0099912D: GetCursorPos.USER32(?), ref: 00999141
                                                                  • Part of subcall function 0099912D: ScreenToClient.USER32(00000000,?), ref: 0099915E
                                                                  • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000001), ref: 00999183
                                                                  • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000002), ref: 0099919D
                                                                • SetTimer.USER32(00000000,00000000,00000028,009990FC), ref: 00998AA8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                 • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                • String ID: AutoIt v3 GUI
                                                                • API String ID: 1458621304-248962490
                                                                • Opcode ID: dd20927948c26a30eab47622d9fc2030db48edce78f7f2f20ba3dabb006d63e5
                                                                • Instruction ID: 8ddc0b86529373805b0803e6d4481dc5c07d493f2a30bc26a7ca517dde6766dd
                                                                • Opcode Fuzzy Hash: dd20927948c26a30eab47622d9fc2030db48edce78f7f2f20ba3dabb006d63e5
                                                                • Instruction Fuzzy Hash: 0CB15C71A80209DFDF14DFA8CC45BEE7BB5FB48325F10852AFA15AB290DB74A841CB50
                                                                APIs
                                                                  • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 009E1114
                                                                  • Part of subcall function 009E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1120
                                                                  • Part of subcall function 009E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E112F
                                                                  • Part of subcall function 009E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1136
                                                                  • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 009E114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 009E0DF5
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 009E0E29
                                                                • GetLengthSid.ADVAPI32(?), ref: 009E0E40
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 009E0E7A
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 009E0E96
                                                                • GetLengthSid.ADVAPI32(?), ref: 009E0EAD
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 009E0EB5
                                                                • HeapAlloc.KERNEL32(00000000), ref: 009E0EBC
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 009E0EDD
                                                                • CopySid.ADVAPI32(00000000), ref: 009E0EE4
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 009E0F13
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 009E0F35
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 009E0F47
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0F6E
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0F75
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0F7E
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0F85
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0F8E
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0F95
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 009E0FA1
                                                                • HeapFree.KERNEL32(00000000), ref: 009E0FA8
                                                                  • Part of subcall function 009E1193: GetProcessHeap.KERNEL32(00000008,009E0BB1,?,00000000,?,009E0BB1,?), ref: 009E11A1
                                                                  • Part of subcall function 009E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,009E0BB1,?), ref: 009E11A8
                                                                  • Part of subcall function 009E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,009E0BB1,?), ref: 009E11B7
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                • Opcode ID: 572e8cbf11af1cf1e71191c6d386544c824261860cb9bff89341099e84283753
                                                                • Instruction ID: 27727ebc4f876601d3730d9f69fcb9fab7c42eab1425cf7101314df92cf39213
                                                                • Opcode Fuzzy Hash: 572e8cbf11af1cf1e71191c6d386544c824261860cb9bff89341099e84283753
                                                                • Instruction Fuzzy Hash: 9771AB7290025AABDF21CFA5DC48BEEBBBCBF48310F048624F959A6190D770DE55CB60
                                                                APIs
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0C4BD
                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00A1CC08,00000000,?,00000000,?,?), ref: 00A0C544
                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00A0C5A4
                                                                • _wcslen.LIBCMT ref: 00A0C5F4
                                                                • _wcslen.LIBCMT ref: 00A0C66F
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00A0C6B2
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00A0C7C1
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00A0C84D
                                                                • RegCloseKey.ADVAPI32(?), ref: 00A0C881
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00A0C88E
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00A0C960
                                                                Strings
                                                                Similarity
                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                • API String ID: 9721498-966354055
                                                                • Opcode ID: ff827cea85a6696039c14d10b9df9e222794d8bfb763d5c6bff6db252f090365
                                                                • Instruction ID: e45eb09071f30709efb40719b3c0a06c86315aa6f78e604033a8d5c06f7963c4
                                                                • Opcode Fuzzy Hash: ff827cea85a6696039c14d10b9df9e222794d8bfb763d5c6bff6db252f090365
                                                                • Instruction Fuzzy Hash: 501267356042019FDB14EF24D881B2AB7E5FF88724F14895CF89A9B3A2DB31ED45CB91
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 00A109C6
                                                                • _wcslen.LIBCMT ref: 00A10A01
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A10A54
                                                                • _wcslen.LIBCMT ref: 00A10A8A
                                                                • _wcslen.LIBCMT ref: 00A10B06
                                                                • _wcslen.LIBCMT ref: 00A10B81
                                                                  • Part of subcall function 0099F9F2: _wcslen.LIBCMT ref: 0099F9FD
                                                                  • Part of subcall function 009E2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009E2BFA
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                • API String ID: 1103490817-4258414348
                                                                • Opcode ID: 6e6abbb38cb4eab425f896cf8127245fab8576212d6906c4c7bab7bcfb232752
                                                                • Instruction ID: 7ce2c8fad4a5ef2bbdb1258ec2058b9431b83d8beb536cc70acc6d8849d3c769
                                                                • Opcode Fuzzy Hash: 6e6abbb38cb4eab425f896cf8127245fab8576212d6906c4c7bab7bcfb232752
                                                                • Instruction Fuzzy Hash: 82E1BB352083418FCB14EF24C450EAAB7E1BFD8358B14895CF8969B3A2DB70ED85CB91
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                • API String ID: 1256254125-909552448
                                                                • Opcode ID: 7257588da850fdc0878d854ea093a23d48ff2e328d66582ade7752b1f12e74c4
                                                                • Instruction ID: 8e052384f9a40fe6683e7cffeeb1228f9abbbf6c9115c1a3734f4dcc4bf0275d
                                                                • Opcode Fuzzy Hash: 7257588da850fdc0878d854ea093a23d48ff2e328d66582ade7752b1f12e74c4
                                                                • Instruction Fuzzy Hash: A471D53260056E8BCB10DF6CE9516BF33A6ABA17B4B650724FC559B2C4E635CD4583A0
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00A1835A
                                                                • _wcslen.LIBCMT ref: 00A1836E
                                                                • _wcslen.LIBCMT ref: 00A18391
                                                                • _wcslen.LIBCMT ref: 00A183B4
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00A183F2
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00A15BF2), ref: 00A1844E
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A18487
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00A184CA
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A18501
                                                                • FreeLibrary.KERNEL32(?), ref: 00A1850D
                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00A1851D
                                                                • DestroyIcon.USER32(?,?,?,?,?,00A15BF2), ref: 00A1852C
                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00A18549
                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00A18555
                                                                Strings
                                                                Similarity
                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                • String ID: .dll$.exe$.icl
                                                                • API String ID: 799131459-1154884017
                                                                • Opcode ID: 1c3d55cd37a47116a5177ee320f76d25332e40c8f93a1de51f4df5681aa5f074
                                                                • Instruction ID: 4117eb2499faf3571e867b393947ba80a27b942f268526ab8970a0668f55abd2
                                                                • Opcode Fuzzy Hash: 1c3d55cd37a47116a5177ee320f76d25332e40c8f93a1de51f4df5681aa5f074
                                                                • Instruction Fuzzy Hash: 0B61CF71540215BAEB14DF64CC41BFE77ACFB44B21F108609F815DA1D1DFB8A991CBA0
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                • API String ID: 0-1645009161
                                                                • Opcode ID: be91a8722f85a3d2c0ca45f5bb0f2f5423efbacaaa9d02989115cf3fcdfc3094
                                                                • Instruction ID: f02aeda7d602b4401fdcb4aadeaceaede0cd87cab31cba78eaba70fee5cec0b5
                                                                • Opcode Fuzzy Hash: be91a8722f85a3d2c0ca45f5bb0f2f5423efbacaaa9d02989115cf3fcdfc3094
                                                                • Instruction Fuzzy Hash: ED81F971A48605BBDB11BFA4CC42FAFB7A8BF95300F144424F805AA296EB74D951C7D1
                                                                APIs
                                                                • CharLowerBuffW.USER32(?,?), ref: 009F3EF8
                                                                • _wcslen.LIBCMT ref: 009F3F03
                                                                • _wcslen.LIBCMT ref: 009F3F5A
                                                                • _wcslen.LIBCMT ref: 009F3F98
                                                                • GetDriveTypeW.KERNEL32(?), ref: 009F3FD6
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 009F401E
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 009F4059
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 009F4087
                                                                Strings
                                                                Similarity
                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                • API String ID: 1839972693-4113822522
                                                                • Opcode ID: 6fb3df5e8b6f2b2d6feb1e0d59723eb8e8db11da9f7f803154b94b30f41af80b
                                                                • Instruction ID: f1748d5f2be1811fabb808daba4672d7978519370c737d81e7d4ea7c9f3e618b
                                                                • Opcode Fuzzy Hash: 6fb3df5e8b6f2b2d6feb1e0d59723eb8e8db11da9f7f803154b94b30f41af80b
                                                                • Instruction Fuzzy Hash: 6571AC326042069FC310EF24C88097BB7F8EF95768F14892DFA9597251EB34DE45CB92
                                                                APIs
                                                                • LoadIconW.USER32(00000063), ref: 009E5A2E
                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 009E5A40
                                                                • SetWindowTextW.USER32(?,?), ref: 009E5A57
                                                                • GetDlgItem.USER32(?,000003EA), ref: 009E5A6C
                                                                • SetWindowTextW.USER32(00000000,?), ref: 009E5A72
                                                                • GetDlgItem.USER32(?,000003E9), ref: 009E5A82
                                                                • SetWindowTextW.USER32(00000000,?), ref: 009E5A88
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 009E5AA9
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 009E5AC3
                                                                • GetWindowRect.USER32(?,?), ref: 009E5ACC
                                                                • _wcslen.LIBCMT ref: 009E5B33
                                                                • SetWindowTextW.USER32(?,?), ref: 009E5B6F
                                                                • GetDesktopWindow.USER32 ref: 009E5B75
                                                                • GetWindowRect.USER32(00000000), ref: 009E5B7C
                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 009E5BD3
                                                                • GetClientRect.USER32(?,?), ref: 009E5BE0
                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 009E5C05
                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 009E5C2F
                                                                Similarity
                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                • String ID:
                                                                • API String ID: 895679908-0
                                                                • Opcode ID: df6ca60e63449e9f16512e1a5675848eae6f37ce848e493ad447c8001ccb9405
                                                                • Instruction ID: c67c96214d949c7c6015cdd033d655eac907bfb4a2df55ff2156b530333ac2b9
                                                                • Opcode Fuzzy Hash: df6ca60e63449e9f16512e1a5675848eae6f37ce848e493ad447c8001ccb9405
                                                                • Instruction Fuzzy Hash: A3718E31900B49AFDB21DFA9CE85BAEBBF9FF48718F154918E142A25A0D774ED40CB50
                                                                APIs
                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 009FFE27
                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 009FFE32
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 009FFE3D
                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 009FFE48
                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 009FFE53
                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 009FFE5E
                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 009FFE69
                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 009FFE74
                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 009FFE7F
                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 009FFE8A
                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 009FFE95
                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 009FFEA0
                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 009FFEAB
                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 009FFEB6
                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 009FFEC1
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 009FFECC
                                                                • GetCursorInfo.USER32(?), ref: 009FFEDC
                                                                • GetLastError.KERNEL32 ref: 009FFF1E
                                                                Similarity
                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                • String ID:
                                                                • API String ID: 3215588206-0
                                                                • Opcode ID: ce28f154fe6f6c62d2dcecc133d20f2152d89fb4996c7794cadaaf5bd646d1f5
                                                                • Instruction ID: 31b43dc22d3309460afb55c5185ac07ebff75fb7b22240eb01400e5f87da9b98
                                                                • Opcode Fuzzy Hash: ce28f154fe6f6c62d2dcecc133d20f2152d89fb4996c7794cadaaf5bd646d1f5
                                                                • Instruction Fuzzy Hash: 824154B0D443196ADB10DFBA8C85C6EBFE8FF04354B50452AE11DEB281DB789901CF91
                                                                APIs
                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 009A00C6
                                                                  • Part of subcall function 009A00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00A5070C,00000FA0,4827E35A,?,?,?,?,009C23B3,000000FF), ref: 009A011C
                                                                  • Part of subcall function 009A00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,009C23B3,000000FF), ref: 009A0127
                                                                  • Part of subcall function 009A00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,009C23B3,000000FF), ref: 009A0138
                                                                  • Part of subcall function 009A00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 009A014E
                                                                  • Part of subcall function 009A00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 009A015C
                                                                  • Part of subcall function 009A00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 009A016A
                                                                  • Part of subcall function 009A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009A0195
                                                                  • Part of subcall function 009A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009A01A0
                                                                • ___scrt_fastfail.LIBCMT ref: 009A00E7
                                                                  • Part of subcall function 009A00A3: __onexit.LIBCMT ref: 009A00A9
                                                                Strings
                                                                • InitializeConditionVariable, xrefs: 009A0148
                                                                • kernel32.dll, xrefs: 009A0133
                                                                • SleepConditionVariableCS, xrefs: 009A0154
                                                                • WakeAllConditionVariable, xrefs: 009A0162
                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 009A0122
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                • API String ID: 66158676-1714406822
                                                                • Opcode ID: 4f0380e06ca61c6754e6edac9b445a3d41b1725f32950a7939377dbb4339376e
                                                                • Instruction ID: 41cdbffefcc847631c4562ec357996c57b586aa611f25b9f419cfb9032839962
                                                                • Opcode Fuzzy Hash: 4f0380e06ca61c6754e6edac9b445a3d41b1725f32950a7939377dbb4339376e
                                                                • Instruction Fuzzy Hash: D821F932A847517FE7109BE4AC16FE977A8FBC6F65F004629F801E7291DB7498018AD0
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                • API String ID: 176396367-1603158881
                                                                • Opcode ID: 7aa472b0ef4eca55f71788cb9a5e6129961c9f28dc11187215ea548c16a30574
                                                                • Instruction ID: 22078005eecb3b474286a7dc5d655f076798ff617b736e431a89561eab68519d
                                                                • Opcode Fuzzy Hash: 7aa472b0ef4eca55f71788cb9a5e6129961c9f28dc11187215ea548c16a30574
                                                                • Instruction Fuzzy Hash: 0CE10632A00556ABCB169FB9C449BEEFBB8FF84710F54C529E456E7240EF30AE458790
                                                                APIs
                                                                • CharLowerBuffW.USER32(00000000,00000000,00A1CC08), ref: 009F4527
                                                                • _wcslen.LIBCMT ref: 009F453B
                                                                • _wcslen.LIBCMT ref: 009F4599
                                                                • _wcslen.LIBCMT ref: 009F45F4
                                                                • _wcslen.LIBCMT ref: 009F463F
                                                                • _wcslen.LIBCMT ref: 009F46A7
                                                                  • Part of subcall function 0099F9F2: _wcslen.LIBCMT ref: 0099F9FD
                                                                • GetDriveTypeW.KERNEL32(?,00A46BF0,00000061), ref: 009F4743
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                • API String ID: 2055661098-1000479233
                                                                • Opcode ID: 8b2af43e23c6e062f65d084b39b380b4a52fd19ba01527750d252dca32364cf9
                                                                • Instruction ID: 409b180829917c44710f4d8bedfc609d1abff39d6c58e967b30dc192193db04f
                                                                • Opcode Fuzzy Hash: 8b2af43e23c6e062f65d084b39b380b4a52fd19ba01527750d252dca32364cf9
                                                                • Instruction Fuzzy Hash: 18B1DF316083069BC710EF28C890A7BB7E9AFE6760F50491DF696C7291E734D945CBA2
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00A0B198
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B1B0
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B1D4
                                                                • _wcslen.LIBCMT ref: 00A0B200
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B214
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B236
                                                                • _wcslen.LIBCMT ref: 00A0B332
                                                                  • Part of subcall function 009F05A7: GetStdHandle.KERNEL32(000000F6), ref: 009F05C6
                                                                • _wcslen.LIBCMT ref: 00A0B34B
                                                                • _wcslen.LIBCMT ref: 00A0B366
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A0B3B6
                                                                • GetLastError.KERNEL32(00000000), ref: 00A0B407
                                                                • CloseHandle.KERNEL32(?), ref: 00A0B439
                                                                • CloseHandle.KERNEL32(00000000), ref: 00A0B44A
                                                                • CloseHandle.KERNEL32(00000000), ref: 00A0B45C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00A0B46E
                                                                • CloseHandle.KERNEL32(?), ref: 00A0B4E3
                                                                Similarity
                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 2178637699-0
                                                                • Opcode ID: 1216f876dc0ba036afb17b68a4ad9e43f5b4a8ae9ea37bbfca3adbe22e799257
                                                                • Instruction ID: 8d177aff2849a32c445e03fc5132898710a54f0871d7ed42cb926a1bf1ac2297
                                                                • Opcode Fuzzy Hash: 1216f876dc0ba036afb17b68a4ad9e43f5b4a8ae9ea37bbfca3adbe22e799257
                                                                • Instruction Fuzzy Hash: FBF19A316183449FCB14EF24D991B6EBBE5AFC5710F18855DF8998B2A2DB31EC40CB62
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00A1CC08), ref: 00A040BB
                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00A040CD
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00A1CC08), ref: 00A040F2
                                                                • FreeLibrary.KERNEL32(00000000,?,00A1CC08), ref: 00A0413E
                                                                • StringFromGUID2.OLE32(?,?,00000028,?,00A1CC08), ref: 00A041A8
                                                                • SysFreeString.OLEAUT32(00000009), ref: 00A04262
                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00A042C8
                                                                • SysFreeString.OLEAUT32(?), ref: 00A042F2
                                                                Strings
                                                                Similarity
                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                • API String ID: 354098117-199464113
                                                                • Opcode ID: d2f06c749b49b899df79bf606d765df84bde50f7c6fa13ad965f873dbdfc3a48
                                                                • Instruction ID: 6a2e3db72dabd4dad40a7feca5b02ea2c0e72bb7dbdd6ba1f516038bef0b57d1
                                                                • Opcode Fuzzy Hash: d2f06c749b49b899df79bf606d765df84bde50f7c6fa13ad965f873dbdfc3a48
                                                                • Instruction Fuzzy Hash: 6C123EB5A00119EFDB14DF94D884EAEB7B5FF49314F248098FA05AB291D731ED46CBA0
                                                                APIs
                                                                • GetMenuItemCount.USER32(00A51990), ref: 009C2F8D
                                                                • GetMenuItemCount.USER32(00A51990), ref: 009C303D
                                                                • GetCursorPos.USER32(?), ref: 009C3081
                                                                • SetForegroundWindow.USER32(00000000), ref: 009C308A
                                                                • TrackPopupMenuEx.USER32(00A51990,00000000,?,00000000,00000000,00000000), ref: 009C309D
                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 009C30A9
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                • String ID: 0
                                                                • API String ID: 36266755-4108050209
                                                                • Opcode ID: a5a92d7d07ca1b4312323f3a6e51f94557e9c3f16375a5baf463f081bdd996fd
                                                                • Instruction ID: 6161d4370985228b5561f781d922e3dcfeebe8365610b9675e4eab19a272cfbe
                                                                • Opcode Fuzzy Hash: a5a92d7d07ca1b4312323f3a6e51f94557e9c3f16375a5baf463f081bdd996fd
                                                                • Instruction Fuzzy Hash: F0714D31A44205BEEB21DF69CC49FAABF69FF05774F20821AF5246A1D0C7B5AD10C791
                                                                APIs
                                                                • DestroyWindow.USER32(00000000,?), ref: 00A16DEB
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00A16E5F
                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00A16E81
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A16E94
                                                                • DestroyWindow.USER32(?), ref: 00A16EB5
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00980000,00000000), ref: 00A16EE4
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A16EFD
                                                                • GetDesktopWindow.USER32 ref: 00A16F16
                                                                • GetWindowRect.USER32(00000000), ref: 00A16F1D
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A16F35
                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00A16F4D
                                                                  • Part of subcall function 00999944: GetWindowLongW.USER32(?,000000EB), ref: 00999952
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                • String ID: 0$tooltips_class32
                                                                • API String ID: 2429346358-3619404913
                                                                • Opcode ID: 77b03485e28f0dec36bce38de1bb935b2eaaed355189c874dbf696518ef460e4
                                                                • Instruction ID: e534ec83fb99963026870509a5ccf30b2a109850392f5f01cf96a86131442da1
                                                                • Opcode Fuzzy Hash: 77b03485e28f0dec36bce38de1bb935b2eaaed355189c874dbf696518ef460e4
                                                                • Instruction Fuzzy Hash: 34716674244340AFDB21CF68D848BBABBE9FB88314F04491DF999C72A1C774A946CB11
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • DragQueryPoint.SHELL32(?,?), ref: 00A19147
                                                                  • Part of subcall function 00A17674: ClientToScreen.USER32(?,?), ref: 00A1769A
                                                                  • Part of subcall function 00A17674: GetWindowRect.USER32(?,?), ref: 00A17710
                                                                  • Part of subcall function 00A17674: PtInRect.USER32(?,?,00A18B89), ref: 00A17720
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00A191B0
                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00A191BB
                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00A191DE
                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00A19225
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00A1923E
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00A19255
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00A19277
                                                                • DragFinish.SHELL32(?), ref: 00A1927E
                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00A19371
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                • API String ID: 221274066-3440237614
                                                                • Opcode ID: 5b35d1d6f7066a145b5a70c5bb20d2d85e020557280c5ce99d2121e60f87c986
                                                                • Instruction ID: 9656e9119cb0efa76f4c340de36e0f45c807c2fa86e24849d55f6a9ce77f1f65
                                                                • Opcode Fuzzy Hash: 5b35d1d6f7066a145b5a70c5bb20d2d85e020557280c5ce99d2121e60f87c986
                                                                • Instruction Fuzzy Hash: 52614A71108301AFD701EFA4DC85EAFBBE9EFC9750F04492DF5A5962A0DB309A49CB52
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 009FC4B0
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 009FC4C3
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 009FC4D7
                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 009FC4F0
                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 009FC533
                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 009FC549
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009FC554
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 009FC584
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 009FC5DC
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 009FC5F0
                                                                • InternetCloseHandle.WININET(00000000), ref: 009FC5FB
                                                                Strings
                                                                Similarity
                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                • String ID:
                                                                • API String ID: 3800310941-3916222277
                                                                • Opcode ID: fe2d3f8453470980b1919ae4b9dca7311e59746fc061c510e2be41e7f0ad22ee
                                                                • Instruction ID: 32d37b9c6c46165efe6514c14b262a84ad5f2cbecbc4c76b1642f188a949e90f
                                                                • Opcode Fuzzy Hash: fe2d3f8453470980b1919ae4b9dca7311e59746fc061c510e2be41e7f0ad22ee
                                                                • Instruction Fuzzy Hash: BC5159B154430DBFDB21DFA0CA88ABB7BBCFB08754F04841AFA4596250DB74E945DBA0
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00A18592
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185A2
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185AD
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185BA
                                                                • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185C8
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185D7
                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185E0
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185E7
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185F8
                                                                • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00A1FC38,?), ref: 00A18611
                                                                • GlobalFree.KERNEL32(00000000), ref: 00A18621
                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00A18641
                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00A18671
                                                                • DeleteObject.GDI32(?), ref: 00A18699
                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00A186AF
                                                                Similarity
                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                • String ID:
                                                                • API String ID: 3840717409-0
                                                                • Opcode ID: a6a042a4681765429c23574eee500d7cb789e59addf4451b90848477d319d7ac
                                                                • Instruction ID: 13a71b7f46799832af5cf0a4d23f399fd326185a6909ddb5b41a7f753f9a0458
                                                                • Opcode Fuzzy Hash: a6a042a4681765429c23574eee500d7cb789e59addf4451b90848477d319d7ac
                                                                • Instruction Fuzzy Hash: 6E412975640204BFDB11DFA5CC48EEA7BBDEF89761F108058F915EB260DB349942CB60
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000000), ref: 009F1502
                                                                • VariantCopy.OLEAUT32(?,?), ref: 009F150B
                                                                • VariantClear.OLEAUT32(?), ref: 009F1517
                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009F15FB
                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 009F1657
                                                                • VariantInit.OLEAUT32(?), ref: 009F1708
                                                                • SysFreeString.OLEAUT32(?), ref: 009F178C
                                                                • VariantClear.OLEAUT32(?), ref: 009F17D8
                                                                • VariantClear.OLEAUT32(?), ref: 009F17E7
                                                                • VariantInit.OLEAUT32(00000000), ref: 009F1823
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                • API String ID: 1234038744-3931177956
                                                                • Opcode ID: 6ee6f118e56e112197206f9d8f705315d4267c4c7d36f7890d2970b447e72857
                                                                • Instruction ID: 680e6635f9b96e37847236bd4dd588cfce770bf9a7184c2095f8532fab5e4fbb
                                                                • Opcode Fuzzy Hash: 6ee6f118e56e112197206f9d8f705315d4267c4c7d36f7890d2970b447e72857
                                                                • Instruction Fuzzy Hash: 90D1F031A04119EBDF04AF65E884BBDB7B6BF84700F148456FA46AB680DB34DC41DBE1
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0B6F4
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A0B772
                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 00A0B80A
                                                                • RegCloseKey.ADVAPI32(?), ref: 00A0B87E
                                                                • RegCloseKey.ADVAPI32(?), ref: 00A0B89C
                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00A0B8F2
                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A0B904
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00A0B922
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00A0B983
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00A0B994
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 146587525-4033151799
                                                                • Opcode ID: b47834a187a79b69e14ebab38fb8e0af2faa30dac717f94934f034e8aea782e6
                                                                • Instruction ID: a1e8665b3091694670089d61fcf8b32fffeac5c967a36f1b2475cf32d76e1f53
                                                                • Opcode Fuzzy Hash: b47834a187a79b69e14ebab38fb8e0af2faa30dac717f94934f034e8aea782e6
                                                                • Instruction Fuzzy Hash: 7AC19B30218205AFD710DF24D594F2ABBE5BF84358F14859CF59A8B3A2CB71EC46CBA1
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 00A025D8
                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A025E8
                                                                • CreateCompatibleDC.GDI32(?), ref: 00A025F4
                                                                • SelectObject.GDI32(00000000,?), ref: 00A02601
                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A0266D
                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A026AC
                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A026D0
                                                                • SelectObject.GDI32(?,?), ref: 00A026D8
                                                                • DeleteObject.GDI32(?), ref: 00A026E1
                                                                • DeleteDC.GDI32(?), ref: 00A026E8
                                                                • ReleaseDC.USER32(00000000,?), ref: 00A026F3
                                                                Strings
                                                                Similarity
                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                • String ID: (
                                                                • API String ID: 2598888154-3887548279
                                                                • Opcode ID: 324da19d452960073e1ef52fdbd14abde2f1f0ce4f7aef21a9a0aad21afd56c8
                                                                • Instruction ID: 4c4a628ea9b7042192d51e11704f1b6dea1892a8458bdc97997c443dd9968cee
                                                                • Opcode Fuzzy Hash: 324da19d452960073e1ef52fdbd14abde2f1f0ce4f7aef21a9a0aad21afd56c8
                                                                • Instruction Fuzzy Hash: DE61E275D00219EFCF14CFE8D988AAEBBB6FF48310F208529E955A7250E771A941CF50
                                                                APIs
                                                                • ___free_lconv_mon.LIBCMT ref: 009BDAA1
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD659
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD66B
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD67D
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD68F
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6A1
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6B3
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6C5
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6D7
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6E9
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6FB
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD70D
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD71F
                                                                  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD731
                                                                • _free.LIBCMT ref: 009BDA96
                                                                  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                • _free.LIBCMT ref: 009BDAB8
                                                                • _free.LIBCMT ref: 009BDACD
                                                                • _free.LIBCMT ref: 009BDAD8
                                                                • _free.LIBCMT ref: 009BDAFA
                                                                • _free.LIBCMT ref: 009BDB0D
                                                                • _free.LIBCMT ref: 009BDB1B
                                                                • _free.LIBCMT ref: 009BDB26
                                                                • _free.LIBCMT ref: 009BDB5E
                                                                • _free.LIBCMT ref: 009BDB65
                                                                • _free.LIBCMT ref: 009BDB82
                                                                • _free.LIBCMT ref: 009BDB9A
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                • String ID:
                                                                • API String ID: 161543041-0
                                                                • Opcode ID: a317ce12611cf11754fb6e57a495fecab39fe389f34513ed2e12ab850713c4e2
                                                                • Instruction ID: 30ec507caf4286e6a812f6faa8bf419d3f154f90d269ce75b92ea83dcb285219
                                                                • Opcode Fuzzy Hash: a317ce12611cf11754fb6e57a495fecab39fe389f34513ed2e12ab850713c4e2
                                                                • Instruction Fuzzy Hash: 72312831606605AFEB21AB79EA45BDAB7EDFF40330F154829E449D7191EF31ED808B24
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 009E369C
                                                                • _wcslen.LIBCMT ref: 009E36A7
                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 009E3797
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 009E380C
                                                                • GetDlgCtrlID.USER32(?), ref: 009E385D
                                                                • GetWindowRect.USER32(?,?), ref: 009E3882
                                                                • GetParent.USER32(?), ref: 009E38A0
                                                                • ScreenToClient.USER32(00000000), ref: 009E38A7
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 009E3921
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 009E395D
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                • String ID: %s%u
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 009E4994
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 009E49DA
                                                                • _wcslen.LIBCMT ref: 009E49EB
                                                                • CharUpperBuffW.USER32(?,00000000), ref: 009E49F7
                                                                • _wcsstr.LIBVCRUNTIME ref: 009E4A2C
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 009E4A64
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 009E4A9D
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 009E4AE6
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 009E4B20
                                                                • GetWindowRect.USER32(?,?), ref: 009E4B8B
                                                                Similarity
                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                • String ID: ThumbnailClass
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A18D5A
                                                                • GetFocus.USER32 ref: 00A18D6A
                                                                • GetDlgCtrlID.USER32(00000000), ref: 00A18D75
                                                                • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00A18E1D
                                                                • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00A18ECF
                                                                • GetMenuItemCount.USER32(?), ref: 00A18EEC
                                                                • GetMenuItemID.USER32(?,00000000), ref: 00A18EFC
                                                                • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00A18F2E
                                                                • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00A18F70
                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A18FA1
                                                                Similarity
                                                                • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                • String ID: 0
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(00A51990,000000FF,00000000,00000030), ref: 009EBFAC
                                                                • SetMenuItemInfoW.USER32(00A51990,00000004,00000000,00000030), ref: 009EBFE1
                                                                • Sleep.KERNEL32(000001F4), ref: 009EBFF3
                                                                • GetMenuItemCount.USER32(?), ref: 009EC039
                                                                • GetMenuItemID.USER32(?,00000000), ref: 009EC056
                                                                • GetMenuItemID.USER32(?,-00000001), ref: 009EC082
                                                                • GetMenuItemID.USER32(?,?), ref: 009EC0C9
                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 009EC10F
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009EC124
                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009EC145
                                                                Similarity
                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                • String ID: 0
                                                                APIs
                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 009EDC20
                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 009EDC46
                                                                • _wcslen.LIBCMT ref: 009EDC50
                                                                • _wcsstr.LIBVCRUNTIME ref: 009EDCA0
                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 009EDCBC
                                                                Similarity
                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                APIs
                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A0CC64
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00A0CC8D
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A0CD48
                                                                  • Part of subcall function 00A0CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00A0CCAA
                                                                  • Part of subcall function 00A0CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00A0CCBD
                                                                  • Part of subcall function 00A0CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A0CCCF
                                                                  • Part of subcall function 00A0CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A0CD05
                                                                  • Part of subcall function 00A0CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A0CD28
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00A0CCF3
                                                                Similarity
                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                APIs
                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 009F3D40
                                                                • _wcslen.LIBCMT ref: 009F3D6D
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 009F3D9D
                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 009F3DBE
                                                                • RemoveDirectoryW.KERNEL32(?), ref: 009F3DCE
                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 009F3E55
                                                                • CloseHandle.KERNEL32(00000000), ref: 009F3E60
                                                                • CloseHandle.KERNEL32(00000000), ref: 009F3E6B
                                                                Similarity
                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                • String ID: :$\$\??\%s
                                                                APIs
                                                                • timeGetTime.WINMM ref: 009EE6B4
                                                                  • Part of subcall function 0099E551: timeGetTime.WINMM(?,?,009EE6D4), ref: 0099E555
                                                                • Sleep.KERNEL32(0000000A), ref: 009EE6E1
                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 009EE705
                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 009EE727
                                                                • SetActiveWindow.USER32 ref: 009EE746
                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 009EE754
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 009EE773
                                                                • Sleep.KERNEL32(000000FA), ref: 009EE77E
                                                                • IsWindow.USER32 ref: 009EE78A
                                                                • EndDialog.USER32(00000000), ref: 009EE79B
                                                                Similarity
                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                • String ID: BUTTON
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 009EEA5D
                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 009EEA73
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 009EEA84
                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 009EEA96
                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 009EEAA7
                                                                Similarity
                                                                • API ID: SendString$_wcslen
                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 009EA012
                                                                • SetKeyboardState.USER32(?), ref: 009EA07D
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 009EA09D
                                                                • GetKeyState.USER32(000000A0), ref: 009EA0B4
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 009EA0E3
                                                                • GetKeyState.USER32(000000A1), ref: 009EA0F4
                                                                • GetAsyncKeyState.USER32(00000011), ref: 009EA120
                                                                • GetKeyState.USER32(00000011), ref: 009EA12E
                                                                • GetAsyncKeyState.USER32(00000012), ref: 009EA157
                                                                • GetKeyState.USER32(00000012), ref: 009EA165
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 009EA18E
                                                                • GetKeyState.USER32(0000005B), ref: 009EA19C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                • API String ID: 541375521-0
                                                                • Opcode ID: b29b6936a18332e3f0adcb156077c883b96b8dfb188d72f96fcac14e2ba08cd9
                                                                • Instruction ID: ad39ac780bb8da234222d9657ca3055392273a5e956c3b494dd24ae823e93529
                                                                • Opcode Fuzzy Hash: b29b6936a18332e3f0adcb156077c883b96b8dfb188d72f96fcac14e2ba08cd9
                                                                • Instruction Fuzzy Hash: BF51D9309087C829FB37DBA288117EABFB99F12380F088599D5C2571D2DA54BE4CC766
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000001), ref: 009E5CE2
                                                                • GetWindowRect.USER32(00000000,?), ref: 009E5CFB
                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 009E5D59
                                                                • GetDlgItem.USER32(?,00000002), ref: 009E5D69
                                                                • GetWindowRect.USER32(00000000,?), ref: 009E5D7B
                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 009E5DCF
                                                                • GetDlgItem.USER32(?,000003E9), ref: 009E5DDD
                                                                • GetWindowRect.USER32(00000000,?), ref: 009E5DEF
                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 009E5E31
                                                                • GetDlgItem.USER32(?,000003EA), ref: 009E5E44
                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 009E5E5A
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 009E5E67
                                                                Similarity
                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                • String ID:
                                                                • API String ID: 3096461208-0
                                                                • Opcode ID: f6d8c478b88f8c11b01f32e1ee66d094d3974110102987a9f16a0a33e34a5c9d
                                                                • Instruction ID: 43a9ee7e8bb19f313d2f21c8292ab9fe8956b7242fd428e94b68206a009e59e5
                                                                • Opcode Fuzzy Hash: f6d8c478b88f8c11b01f32e1ee66d094d3974110102987a9f16a0a33e34a5c9d
                                                                • Instruction Fuzzy Hash: 4D513F70B40605AFDF19CFA9CD89AAEBBB9FB48314F158129F515E7290D7709E01CB50
                                                                APIs
                                                                  • Part of subcall function 00998F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00998BE8,?,00000000,?,?,?,?,00998BBA,00000000,?), ref: 00998FC5
                                                                • DestroyWindow.USER32(?), ref: 00998C81
                                                                • KillTimer.USER32(00000000,?,?,?,?,00998BBA,00000000,?), ref: 00998D1B
                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 009D6973
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00998BBA,00000000,?), ref: 009D69A1
                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00998BBA,00000000,?), ref: 009D69B8
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00998BBA,00000000), ref: 009D69D4
                                                                • DeleteObject.GDI32(00000000), ref: 009D69E6
                                                                Similarity
                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                • String ID:
                                                                • API String ID: 641708696-0
                                                                • Opcode ID: 29c58d553560ba4ef579a6560a0f93492ada902c3360fdaa2657cde9da7f5f34
                                                                • Instruction ID: 94d8658e2edee96434ca6418f57cc028799c91799d93891b761d5bf4cf7b1ca6
                                                                • Opcode Fuzzy Hash: 29c58d553560ba4ef579a6560a0f93492ada902c3360fdaa2657cde9da7f5f34
                                                                • Instruction Fuzzy Hash: BF618C30542700DFCF21DF68D958B6677F5FB46322F14891DE0829BAA0CB75AD82CB90
                                                                APIs
                                                                  • Part of subcall function 00999944: GetWindowLongW.USER32(?,000000EB), ref: 00999952
                                                                • GetSysColor.USER32(0000000F), ref: 00999862
                                                                Similarity
                                                                • API ID: ColorLongWindow
                                                                • String ID:
                                                                • API String ID: 259745315-0
                                                                • Opcode ID: 568aedb42fd55e67d02bcc3c8abb1a81a81f19fcd36d7ac1b5b70943f8e7ce73
                                                                • Instruction ID: d8d1cb61fc482593b7fa11613809798e24e5af32cec93454e98f0e1e6c16a6c1
                                                                • Opcode Fuzzy Hash: 568aedb42fd55e67d02bcc3c8abb1a81a81f19fcd36d7ac1b5b70943f8e7ce73
                                                                • Instruction Fuzzy Hash: 9641A231184644AFDF209F7D9C84BB97BA9EB06331F14861DF9A2872E1E7319C42DB11
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,009CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 009E9717
                                                                • LoadStringW.USER32(00000000,?,009CF7F8,00000001), ref: 009E9720
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,009CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 009E9742
                                                                • LoadStringW.USER32(00000000,?,009CF7F8,00000001), ref: 009E9745
                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 009E9866
                                                                Strings
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                • API String ID: 747408836-2268648507
                                                                • Opcode ID: e83e947701c053a1d6a02ab7f0ac245fcbc213cef0bf39edccd8d5e9996dc979
                                                                • Instruction ID: b877b8417d437cba88526e2232883d1efcbcc70a7341fb3742da76f933e25d4f
                                                                • Opcode Fuzzy Hash: e83e947701c053a1d6a02ab7f0ac245fcbc213cef0bf39edccd8d5e9996dc979
                                                                • Instruction Fuzzy Hash: 61414A72800219AACF05FBE0DE86FEEB378AF95740F544425F60672192EB356F49CB61
                                                                APIs
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 009E07A2
                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009E07BE
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009E07DA
                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 009E0804
                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 009E082C
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 009E0837
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 009E083C
                                                                Strings
                                                                Similarity
                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                • API String ID: 323675364-22481851
                                                                • Opcode ID: ce0dbdef4aefe04e71b1925b7021613f8559c0586b249f485c5cc90c90d919ff
                                                                • Instruction ID: 2289581e63af4284ae35537f5a53853afa039205c943463dc52f29400e720fbe
                                                                • Opcode Fuzzy Hash: ce0dbdef4aefe04e71b1925b7021613f8559c0586b249f485c5cc90c90d919ff
                                                                • Instruction Fuzzy Hash: 2E411672C10229ABDF15EBA4DC85DEDB778FF84750B04812AE901A3261EB759E45CBA0
                                                                APIs
                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00A1403B
                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00A14042
                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00A14055
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00A1405D
                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00A14068
                                                                • DeleteDC.GDI32(00000000), ref: 00A14072
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00A1407C
                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00A14092
                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00A1409E
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                • String ID: static
                                                                • API String ID: 2559357485-2160076837
                                                                • Opcode ID: 74cf5644e18d02b420b3d49f6b88e44183be9d6696e958c2f814e960bc321ec1
                                                                • Instruction ID: b9379ee419c774536745fd64e1ce4acf3bca51935eef192f905e5d25a45d9e26
                                                                • Opcode Fuzzy Hash: 74cf5644e18d02b420b3d49f6b88e44183be9d6696e958c2f814e960bc321ec1
                                                                • Instruction Fuzzy Hash: 01316C32581215BBDF219FA8DC09FDA3B69FF0D320F114211FA29E61A0C779D861DB54
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00A03C5C
                                                                • CoInitialize.OLE32(00000000), ref: 00A03C8A
                                                                • CoUninitialize.OLE32 ref: 00A03C94
                                                                • _wcslen.LIBCMT ref: 00A03D2D
                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00A03DB1
                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00A03ED5
                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00A03F0E
                                                                • CoGetObject.OLE32(?,00000000,00A1FB98,?), ref: 00A03F2D
                                                                • SetErrorMode.KERNEL32(00000000), ref: 00A03F40
                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00A03FC4
                                                                • VariantClear.OLEAUT32(?), ref: 00A03FD8
                                                                Similarity
                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                • String ID:
                                                                • API String ID: 429561992-0
                                                                • Opcode ID: b788cc6dc9bc3fb79aa8e92a3c7793ed0a4c23b7b77457bd3e4468a942e756c3
                                                                • Instruction ID: c17aae0b99b0c5e701a5d56b200bb1a82bd93c5648605c5969027ceb93b688af
                                                                • Opcode Fuzzy Hash: b788cc6dc9bc3fb79aa8e92a3c7793ed0a4c23b7b77457bd3e4468a942e756c3
                                                                • Instruction Fuzzy Hash: 04C15772608309AFDB00DF68D88492BB7E9FF89744F04491DF98A9B291D730ED05CB52
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 009F7AF3
                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 009F7B8F
                                                                • SHGetDesktopFolder.SHELL32(?), ref: 009F7BA3
                                                                • CoCreateInstance.OLE32(00A1FD08,00000000,00000001,00A46E6C,?), ref: 009F7BEF
                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 009F7C74
                                                                • CoTaskMemFree.OLE32(?,?), ref: 009F7CCC
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 009F7D57
                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 009F7D7A
                                                                • CoTaskMemFree.OLE32(00000000), ref: 009F7D81
                                                                • CoTaskMemFree.OLE32(00000000), ref: 009F7DD6
                                                                • CoUninitialize.OLE32 ref: 009F7DDC
                                                                Similarity
                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                • String ID:
                                                                • API String ID: 2762341140-0
                                                                • Opcode ID: 4e3bfd14ae1da5f062edc363a670bf77713ea435a79243a5948bf669785e8080
                                                                • Instruction ID: 390d12ba7295807c54e6ff43e2258a7a548e0dc3e61cb15c5d30c25783892004
                                                                • Opcode Fuzzy Hash: 4e3bfd14ae1da5f062edc363a670bf77713ea435a79243a5948bf669785e8080
                                                                • Instruction Fuzzy Hash: B7C11A75A04109AFCB14DFA4C888DAEBBF9FF48314B148499F9199B361D731EE41CB90
                                                                APIs
                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00A15504
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A15515
                                                                • CharNextW.USER32(00000158), ref: 00A15544
                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00A15585
                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00A1559B
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A155AC
                                                                Similarity
                                                                • API ID: MessageSend$CharNext
                                                                • String ID:
                                                                • API String ID: 1350042424-0
                                                                APIs
                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 009DFAAF
                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 009DFB08
                                                                • VariantInit.OLEAUT32(?), ref: 009DFB1A
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 009DFB3A
                                                                • VariantCopy.OLEAUT32(?,?), ref: 009DFB8D
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 009DFBA1
                                                                • VariantClear.OLEAUT32(?), ref: 009DFBB6
                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 009DFBC3
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 009DFBCC
                                                                • VariantClear.OLEAUT32(?), ref: 009DFBDE
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 009DFBE9
                                                                Similarity
                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                • String ID:
                                                                • API String ID: 2706829360-0
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 009E9CA1
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 009E9D22
                                                                • GetKeyState.USER32(000000A0), ref: 009E9D3D
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 009E9D57
                                                                • GetKeyState.USER32(000000A1), ref: 009E9D6C
                                                                • GetAsyncKeyState.USER32(00000011), ref: 009E9D84
                                                                • GetKeyState.USER32(00000011), ref: 009E9D96
                                                                • GetAsyncKeyState.USER32(00000012), ref: 009E9DAE
                                                                • GetKeyState.USER32(00000012), ref: 009E9DC0
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 009E9DD8
                                                                • GetKeyState.USER32(0000005B), ref: 009E9DEA
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                • API String ID: 541375521-0
                                                                APIs
                                                                • WSAStartup.WSOCK32(00000101,?), ref: 00A005BC
                                                                • inet_addr.WSOCK32(?), ref: 00A0061C
                                                                • gethostbyname.WSOCK32(?), ref: 00A00628
                                                                • IcmpCreateFile.IPHLPAPI ref: 00A00636
                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A006C6
                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A006E5
                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 00A007B9
                                                                • WSACleanup.WSOCK32 ref: 00A007BF
                                                                Similarity
                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                • String ID: Ping
                                                                • API String ID: 1028309954-2246546115
                                                                APIs
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharLower
                                                                • String ID: cdecl$none$stdcall$winapi
                                                                • API String ID: 707087890-567219261
                                                                APIs
                                                                • CoInitialize.OLE32 ref: 00A03774
                                                                • CoUninitialize.OLE32 ref: 00A0377F
                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00A1FB78,?), ref: 00A037D9
                                                                • IIDFromString.OLE32(?,?), ref: 00A0384C
                                                                • VariantInit.OLEAUT32(?), ref: 00A038E4
                                                                • VariantClear.OLEAUT32(?), ref: 00A03936
                                                                Similarity
                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                • API String ID: 636576611-1287834457
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009F33CF
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009F33F0
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-3080491070
                                                                APIs
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                • API String ID: 1256254125-769500911
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 009F53A0
                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 009F5416
                                                                • GetLastError.KERNEL32 ref: 009F5420
                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 009F54A7
                                                                Similarity
                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                • API String ID: 4194297153-14809454
                                                                APIs
                                                                • CreateMenu.USER32 ref: 00A13C79
                                                                • SetMenu.USER32(?,00000000), ref: 00A13C88
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A13D10
                                                                • IsMenu.USER32(?), ref: 00A13D24
                                                                • CreatePopupMenu.USER32 ref: 00A13D2E
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A13D5B
                                                                • DrawMenuBar.USER32 ref: 00A13D63
                                                                Similarity
                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                • String ID: 0$F
                                                                • API String ID: 161812096-3044882817
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 009E1F64
                                                                • GetDlgCtrlID.USER32 ref: 009E1F6F
                                                                • GetParent.USER32 ref: 009E1F8B
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 009E1F8E
                                                                • GetDlgCtrlID.USER32(?), ref: 009E1F97
                                                                • GetParent.USER32(?), ref: 009E1FAB
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 009E1FAE
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 711023334-1403004172
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 009E2043
                                                                • GetDlgCtrlID.USER32 ref: 009E204E
                                                                • GetParent.USER32 ref: 009E206A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 009E206D
                                                                • GetDlgCtrlID.USER32(?), ref: 009E2076
                                                                • GetParent.USER32(?), ref: 009E208A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 009E208D
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 711023334-1403004172
                                                                APIs
                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00A13A9D
                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00A13AA0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A13AC7
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A13AEA
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00A13B62
                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00A13BAC
                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00A13BC7
                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00A13BE2
                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00A13BF6
                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00A13C13
                                                                Similarity
                                                                • API ID: MessageSend$LongWindow
                                                                • String ID:
                                                                • API String ID: 312131281-0
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 009EB151
                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,009EA1E1,?,00000001), ref: 009EB165
                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 009EB16C
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,009EA1E1,?,00000001), ref: 009EB17B
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 009EB18D
                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,009EA1E1,?,00000001), ref: 009EB1A6
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,009EA1E1,?,00000001), ref: 009EB1B8
                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,009EA1E1,?,00000001), ref: 009EB1FD
                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,009EA1E1,?,00000001), ref: 009EB212
                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,009EA1E1,?,00000001), ref: 009EB21D
                                                                Similarity
                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                • String ID:
                                                                • API String ID: 2156557900-0
                                                                APIs
                                                                • _free.LIBCMT ref: 009B2C94
                                                                  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                • _free.LIBCMT ref: 009B2CA0
                                                                • _free.LIBCMT ref: 009B2CAB
                                                                • _free.LIBCMT ref: 009B2CB6
                                                                • _free.LIBCMT ref: 009B2CC1
                                                                • _free.LIBCMT ref: 009B2CCC
                                                                • _free.LIBCMT ref: 009B2CD7
                                                                • _free.LIBCMT ref: 009B2CE2
                                                                • _free.LIBCMT ref: 009B2CED
                                                                • _free.LIBCMT ref: 009B2CFB
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 009F7FAD
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F7FC1
                                                                • GetFileAttributesW.KERNEL32(?), ref: 009F7FEB
                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 009F8005
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8017
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8060
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009F80B0
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentDirectory$AttributesFile
                                                                • String ID: *.*
                                                                • API String ID: 769691225-438819550
                                                                APIs
                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00985C7A
                                                                  • Part of subcall function 00985D0A: GetClientRect.USER32(?,?), ref: 00985D30
                                                                  • Part of subcall function 00985D0A: GetWindowRect.USER32(?,?), ref: 00985D71
                                                                  • Part of subcall function 00985D0A: ScreenToClient.USER32(?,?), ref: 00985D99
                                                                • GetDC.USER32 ref: 009C46F5
                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 009C4708
                                                                • SelectObject.GDI32(00000000,00000000), ref: 009C4716
                                                                • SelectObject.GDI32(00000000,00000000), ref: 009C472B
                                                                • ReleaseDC.USER32(?,00000000), ref: 009C4733
                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 009C47C4
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                • String ID: U
                                                                • API String ID: 4009187628-3372436214
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009F35E4
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • LoadStringW.USER32(00A52390,?,00000FFF,?), ref: 009F360A
                                                                Strings
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-2391861430
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                  • Part of subcall function 0099912D: GetCursorPos.USER32(?), ref: 00999141
                                                                  • Part of subcall function 0099912D: ScreenToClient.USER32(00000000,?), ref: 0099915E
                                                                  • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000001), ref: 00999183
                                                                  • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000002), ref: 0099919D
                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00A18B6B
                                                                • ImageList_EndDrag.COMCTL32 ref: 00A18B71
                                                                • ReleaseCapture.USER32 ref: 00A18B77
                                                                • SetWindowTextW.USER32(?,00000000), ref: 00A18C12
                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00A18C25
                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00A18CFF
                                                                Strings
                                                                Similarity
                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                • API String ID: 1924731296-2107944366
                                                                APIs
                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 009FC272
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009FC29A
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 009FC2CA
                                                                • GetLastError.KERNEL32 ref: 009FC322
                                                                • SetEvent.KERNEL32(?), ref: 009FC336
                                                                • InternetCloseHandle.WININET(00000000), ref: 009FC341
                                                                Strings
                                                                Similarity
                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                • String ID:
                                                                • API String ID: 3113390036-3916222277
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,009C3AAF,?,?,Bad directive syntax error,00A1CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 009E98BC
                                                                • LoadStringW.USER32(00000000,?,009C3AAF,?), ref: 009E98C3
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 009E9987
                                                                Strings
                                                                Similarity
                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                • API String ID: 858772685-4153970271
                                                                APIs
                                                                • GetParent.USER32 ref: 009E20AB
                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 009E20C0
                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 009E214D
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameParentSend
                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                • API String ID: 1290815626-3381328864
                                                                APIs
                                                                Similarity
                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                • String ID:
                                                                • API String ID: 1282221369-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00A15186
                                                                • ShowWindow.USER32(?,00000000), ref: 00A151C7
                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 00A151CD
                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00A151D1
                                                                  • Part of subcall function 00A16FBA: DeleteObject.GDI32(00000000), ref: 00A16FE6
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A1520D
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A1521A
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00A1524D
                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00A15287
                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00A15296
                                                                Similarity
                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                • String ID:
                                                                • API String ID: 3210457359-0
                                                                APIs
                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 009D6890
                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 009D68A9
                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 009D68B9
                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 009D68D1
                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 009D68F2
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00998874,00000000,00000000,00000000,000000FF,00000000), ref: 009D6901
                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 009D691E
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00998874,00000000,00000000,00000000,000000FF,00000000), ref: 009D692D
                                                                Similarity
                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                • String ID:
                                                                • API String ID: 1268354404-0
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 009FC182
                                                                • GetLastError.KERNEL32 ref: 009FC195
                                                                • SetEvent.KERNEL32(?), ref: 009FC1A9
                                                                  • Part of subcall function 009FC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 009FC272
                                                                  • Part of subcall function 009FC253: GetLastError.KERNEL32 ref: 009FC322
                                                                  • Part of subcall function 009FC253: SetEvent.KERNEL32(?), ref: 009FC336
                                                                  • Part of subcall function 009FC253: InternetCloseHandle.WININET(00000000), ref: 009FC341
                                                                Similarity
                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                • String ID:
                                                                • API String ID: 337547030-0
                                                                APIs
                                                                  • Part of subcall function 009E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E3A57
                                                                  • Part of subcall function 009E3A3D: GetCurrentThreadId.KERNEL32 ref: 009E3A5E
                                                                  • Part of subcall function 009E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009E25B3), ref: 009E3A65
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 009E25BD
                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 009E25DB
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 009E25DF
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 009E25E9
                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 009E2601
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 009E2605
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 009E260F
                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 009E2623
                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 009E2627
                                                                Similarity
                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                • String ID:
                                                                • API String ID: 2014098862-0
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,009E1449,?,?,00000000), ref: 009E180C
                                                                • HeapAlloc.KERNEL32(00000000,?,009E1449,?,?,00000000), ref: 009E1813
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,009E1449,?,?,00000000), ref: 009E1828
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,009E1449,?,?,00000000), ref: 009E1830
                                                                • DuplicateHandle.KERNEL32(00000000,?,009E1449,?,?,00000000), ref: 009E1833
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,009E1449,?,?,00000000), ref: 009E1843
                                                                • GetCurrentProcess.KERNEL32(009E1449,00000000,?,009E1449,?,?,00000000), ref: 009E184B
                                                                • DuplicateHandle.KERNEL32(00000000,?,009E1449,?,?,00000000), ref: 009E184E
                                                                • CreateThread.KERNEL32(00000000,00000000,009E1874,00000000,00000000,00000000), ref: 009E1868
                                                                Similarity
                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                • String ID:
                                                                • API String ID: 1957940570-0
                                                                APIs
                                                                  • Part of subcall function 009ED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 009ED501
                                                                  • Part of subcall function 009ED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 009ED50F
                                                                  • Part of subcall function 009ED4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 009ED5DC
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A0A16D
                                                                • GetLastError.KERNEL32 ref: 00A0A180
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A0A1B3
                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00A0A268
                                                                • GetLastError.KERNEL32(00000000), ref: 00A0A273
                                                                • CloseHandle.KERNEL32(00000000), ref: 00A0A2C4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 1701285019-2896544425
                                                                • Opcode ID: ce79111e1d60a8b8936d22c039667bb13c84c53980604e89f7ad363265455a7e
                                                                • Instruction ID: 44c48c63f344401e66e41aaf9b57a872cae9d1c00f6691159a20061962e81308
                                                                • Opcode Fuzzy Hash: ce79111e1d60a8b8936d22c039667bb13c84c53980604e89f7ad363265455a7e
                                                                • Instruction Fuzzy Hash: B1617C71204342AFD710DF15D494F59BBA1AFA8318F14849CE4668B7E3C772ED45CB92
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00A13925
                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00A1393A
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00A13954
                                                                • _wcslen.LIBCMT ref: 00A13999
                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00A139C6
                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00A139F4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window_wcslen
                                                                • String ID: SysListView32
                                                                • API String ID: 2147712094-78025650
                                                                • Opcode ID: b4c4154f136de344c1305c3a60e41dfc296bf45e0892dcc7323565e7e43738ec
                                                                • Instruction ID: c3764c39f0c2982875077089cb3af6d37ea3d2d2d5b2055503bf9a155f1b1eed
                                                                • Opcode Fuzzy Hash: b4c4154f136de344c1305c3a60e41dfc296bf45e0892dcc7323565e7e43738ec
                                                                • Instruction Fuzzy Hash: 2E418172A00219ABEF219F64CC45BEA7BA9FF48350F100526F958E7281D7759E94CB90
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009EBCFD
                                                                • IsMenu.USER32(00000000), ref: 009EBD1D
                                                                • CreatePopupMenu.USER32 ref: 009EBD53
                                                                • GetMenuItemCount.USER32(016C5F68), ref: 009EBDA4
                                                                • InsertMenuItemW.USER32(016C5F68,?,00000001,00000030), ref: 009EBDCC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                • String ID: 0$2
                                                                • API String ID: 93392585-3793063076
                                                                • Opcode ID: 11f39d49b84b8f5cf9044b8f5eef02bf6496560539bb03a2211eb5e13fe9d43e
                                                                • Instruction ID: 918febb205383624de96554564321f39ad35ace7c600fe664b46f04c083c3956
                                                                • Opcode Fuzzy Hash: 11f39d49b84b8f5cf9044b8f5eef02bf6496560539bb03a2211eb5e13fe9d43e
                                                                • Instruction Fuzzy Hash: C251BEB0A00289ABDF12CFAADC84BAFBBF9BF85324F148119E551972D0D7709D81CB51
                                                                APIs
                                                                • LoadIconW.USER32(00000000,00007F03), ref: 009EC913
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: IconLoad
                                                                • String ID: blank$info$question$stop$warning
                                                                • API String ID: 2457776203-404129466
                                                                • Opcode ID: f0f1bb452b8ce105a9d2337bcf703dfb356b6b6ea50108f9c557ce6860598d0b
                                                                • Instruction ID: 6bcb7d90ae21acbd664ee5d54e023ec5058721accfe7e00f53f9a2e9a6b07b03
                                                                • Opcode Fuzzy Hash: f0f1bb452b8ce105a9d2337bcf703dfb356b6b6ea50108f9c557ce6860598d0b
                                                                • Instruction Fuzzy Hash: 81118C76689346BEE7029B55DD83DEE379CDF56324B20042AF440A62C3E7F85E0252A9
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                • String ID: 0.0.0.0
                                                                • API String ID: 642191829-3771769585
                                                                • Opcode ID: 45164278f28ba3b78d8f3018b8ff75f0640da1f554fefae06f436077ee84f819
                                                                • Instruction ID: c4219bac310ae4daef22b698035c0bca7915a2ffe3292d8772f487f2a035bfe7
                                                                • Opcode Fuzzy Hash: 45164278f28ba3b78d8f3018b8ff75f0640da1f554fefae06f436077ee84f819
                                                                • Instruction Fuzzy Hash: 7F110631904114BFCB21AB61DC4EFEF77ACDF91720F0001A9F4059A091EFB18E818A91
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • GetSystemMetrics.USER32(0000000F), ref: 00A19FC7
                                                                • GetSystemMetrics.USER32(0000000F), ref: 00A19FE7
                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00A1A224
                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00A1A242
                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00A1A263
                                                                • ShowWindow.USER32(00000003,00000000), ref: 00A1A282
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00A1A2A7
                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 00A1A2CA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                • String ID:
                                                                • API String ID: 1211466189-0
                                                                • Opcode ID: 7c7b43cfd639480b1d8931b1611d8b0bfb1110a5feb461213a52122e2b020442
                                                                • Instruction ID: c331429bbd1089ea0315cf0f44e00f61313c30909fa76eb67793d075d003b6c3
                                                                • Opcode Fuzzy Hash: 7c7b43cfd639480b1d8931b1611d8b0bfb1110a5feb461213a52122e2b020442
                                                                • Instruction Fuzzy Hash: BEB1A831601215EFDF14CF68C9857EE7BF2BF68711F088169EC49AB2A5D731A980CB51
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$LocalTime
                                                                • String ID:
                                                                • API String ID: 952045576-0
                                                                • Opcode ID: 0017f2d240eeed9f9599c06b3120c85055ad8af7a7100d539dff73ff7b82d84f
                                                                • Instruction ID: e495e61a98cf468978a4fed5ed59fefc4f54fbe69111a412c67e5c30ca79238b
                                                                • Opcode Fuzzy Hash: 0017f2d240eeed9f9599c06b3120c85055ad8af7a7100d539dff73ff7b82d84f
                                                                • Instruction Fuzzy Hash: CE419065C10258B5CB11EBF48C8ABCFB7ACAF86710F508466E924E3121EB34E655C7E5
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 0099F953
                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 009DF3D1
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 009DF454
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: ShowWindow
                                                                • String ID:
                                                                • API String ID: 1268545403-0
                                                                • Opcode ID: 0099489d55bba76b9d2ee3b29d5d9425940b73efff9a926a6076dd25d5a16568
                                                                • Instruction ID: 303dc4624b900ee95acb74ec4b265c758d45527f0aaf024e6bdcde0e2d84ab19
                                                                • Opcode Fuzzy Hash: 0099489d55bba76b9d2ee3b29d5d9425940b73efff9a926a6076dd25d5a16568
                                                                • Instruction Fuzzy Hash: 13413B31244640BEDF38DB3DC8B876AFB9AAB56364F14C43DE047D6660D675A881C710
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 00A12D1B
                                                                • GetDC.USER32(00000000), ref: 00A12D23
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A12D2E
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00A12D3A
                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00A12D76
                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00A12D87
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00A15A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00A12DC2
                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00A12DE1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                • String ID:
                                                                • API String ID: 3864802216-0
                                                                • Opcode ID: 3c90fc37c82013648a78ba0ef1b41207026d385957de9f0db1bd3ca2606d397a
                                                                • Instruction ID: c13b1d909920790b2cbcd601b869dd1a24d5e9881a98fe073374aa5ab57bd9a3
                                                                • Opcode Fuzzy Hash: 3c90fc37c82013648a78ba0ef1b41207026d385957de9f0db1bd3ca2606d397a
                                                                • Instruction Fuzzy Hash: 67319C72241214BFEB118F50DC8AFEB3BADEF09761F048055FE089A291C6759C51CBA4
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                • Opcode ID: 3f284848acd6d5310b5028091f6152bc7c540afa2377b4f94ff81c8adade535c
                                                                • Instruction ID: 443cfc3f9a228f10715c89f2c0e7f6e4beac2da3e456829d1ea05426c51d95e2
                                                                • Opcode Fuzzy Hash: 3f284848acd6d5310b5028091f6152bc7c540afa2377b4f94ff81c8adade535c
                                                                • Instruction Fuzzy Hash: 5A21EE71744A89BFDA169A228E92FFB335CBF6178CF450430FD049A581FB65ED1081E5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                • API String ID: 0-572801152
                                                                • Opcode ID: 093722b4dc74f31e4a06df005c32670841dcfac7ce0d11938db9857ac5000379
                                                                • Instruction ID: be24ef59bff360109649013a919add53f0d3f86af88ded3927f814239ae59bc9
                                                                • Opcode Fuzzy Hash: 093722b4dc74f31e4a06df005c32670841dcfac7ce0d11938db9857ac5000379
                                                                • Instruction Fuzzy Hash: 46D1BE75E0060AAFDF10DFA8E891BAEB7B5BF48304F148569E915AB281E370DD41CF90
                                                                APIs
                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 009C15CE
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C1651
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,009C17FB,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C16E4
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C16FB
                                                                  • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C1777
                                                                • __freea.LIBCMT ref: 009C17A2
                                                                • __freea.LIBCMT ref: 009C17AE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                • String ID:
                                                                • API String ID: 2829977744-0
                                                                • Opcode ID: e98fcc8face0766bfa6c1ef069963981935a1ff8e3eef3a3461fd3be8a7a743e
                                                                • Instruction ID: 6be01a621404a29ad7cdcfc66cf35f5105a4e938ecb14abd9d55cf7a2e069f7d
                                                                • Opcode Fuzzy Hash: e98fcc8face0766bfa6c1ef069963981935a1ff8e3eef3a3461fd3be8a7a743e
                                                                • Instruction Fuzzy Hash: DE91B371E002569ADF208EA4C951FEEBBB99F8A310F18465DF805E7182D735CD40CBAA
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearInit
                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                • API String ID: 2610073882-625585964
                                                                • Opcode ID: 780a9d537172fb1680afc104127643f5923987d72d684c4b0c2ceefdb7b80c5d
                                                                • Instruction ID: 39cdb9ec387d6128aeddd0dc0b598add0e2ff702cde51aaa0a8ea4fa2fcfdfce
                                                                • Opcode Fuzzy Hash: 780a9d537172fb1680afc104127643f5923987d72d684c4b0c2ceefdb7b80c5d
                                                                • Instruction Fuzzy Hash: 959173B1A00219AFDF20CFA5D844FAEB7B8FF89714F108559F615AB281D7709941CFA0
                                                                APIs
                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 009F125C
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 009F1284
                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009F12A8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F12D8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F135F
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F13C4
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F1430
                                                                Similarity
                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                • String ID:
                                                                • API String ID: 2550207440-0
                                                                • Opcode ID: 5b092ef924d8e0a044447c3b15bc2672c25c550ef66ddde1bbcad799cfda909c
                                                                • Instruction ID: f44e138efc3c78415b85b8bb2fcc3e7f344f2f43351e783fa1faf7b871809fe5
                                                                • Opcode Fuzzy Hash: 5b092ef924d8e0a044447c3b15bc2672c25c550ef66ddde1bbcad799cfda909c
                                                                • Instruction Fuzzy Hash: 2F919D71A00219DFDB00DF98C885BBEB7B9FF85325F104429EA50EB2A1D774A941CB90
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                • Opcode ID: e74ba7c39bb192cd442d53091a09f195faeb01668c5a206daaf65281230b5923
                                                                • Instruction ID: ce72e9b4724386fe3999830c1fcbd0025bb4555aa7037845cb05c13667bfbb16
                                                                • Opcode Fuzzy Hash: e74ba7c39bb192cd442d53091a09f195faeb01668c5a206daaf65281230b5923
                                                                • Instruction Fuzzy Hash: 34913671D44219EFCF10CFA9C884AEEBBB8FF49320F148459E915B7251D378A942CB60
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 00A0396B
                                                                • CharUpperBuffW.USER32(?,?), ref: 00A03A7A
                                                                • _wcslen.LIBCMT ref: 00A03A8A
                                                                • VariantClear.OLEAUT32(?), ref: 00A03C1F
                                                                  • Part of subcall function 009F0CDF: VariantInit.OLEAUT32(00000000), ref: 009F0D1F
                                                                  • Part of subcall function 009F0CDF: VariantCopy.OLEAUT32(?,?), ref: 009F0D28
                                                                  • Part of subcall function 009F0CDF: VariantClear.OLEAUT32(?), ref: 009F0D34
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                • API String ID: 4137639002-1221869570
                                                                • Opcode ID: 9ca2d3865de8b2f6f5bdbc891ae73883c19f4b12b1026cd37d4b0a3efe4d27d5
                                                                • Instruction ID: 3a68f034b8f20c0d9b0d6eeaea5058c576ffe21a986eafd99b6a69d627cc92d4
                                                                • Opcode Fuzzy Hash: 9ca2d3865de8b2f6f5bdbc891ae73883c19f4b12b1026cd37d4b0a3efe4d27d5
                                                                • Instruction Fuzzy Hash: 569148756083459FCB04EF64D48096AB7E8BFC9354F14882DF8999B391DB31EE05CB92
                                                                APIs
                                                                  • Part of subcall function 009E000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?,?,009E035E), ref: 009E002B
                                                                  • Part of subcall function 009E000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0046
                                                                  • Part of subcall function 009E000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0054
                                                                  • Part of subcall function 009E000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?), ref: 009E0064
                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00A04C51
                                                                • _wcslen.LIBCMT ref: 00A04D59
                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00A04DCF
                                                                • CoTaskMemFree.OLE32(?), ref: 00A04DDA
                                                                Strings
                                                                Similarity
                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                • String ID: NULL Pointer assignment
                                                                • API String ID: 614568839-2785691316
                                                                • Opcode ID: 2e6911e63a533eecb323922d105ed37442838371529a02afdbb66ad681581a20
                                                                • Instruction ID: 1ff9a9dd21b1fa7b6f18f9857accd8fb29d7c1ec86478c94dd9a1af2b618be07
                                                                • Opcode Fuzzy Hash: 2e6911e63a533eecb323922d105ed37442838371529a02afdbb66ad681581a20
                                                                • Instruction Fuzzy Hash: 829129B1D0021DAFDF14EFA4D891AEEB7B8BF48310F10816AE515A7291EB309E45CF60
                                                                APIs
                                                                • GetMenu.USER32(?), ref: 00A12183
                                                                • GetMenuItemCount.USER32(00000000), ref: 00A121B5
                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00A121DD
                                                                • _wcslen.LIBCMT ref: 00A12213
                                                                • GetMenuItemID.USER32(?,?), ref: 00A1224D
                                                                • GetSubMenu.USER32(?,?), ref: 00A1225B
                                                                  • Part of subcall function 009E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E3A57
                                                                  • Part of subcall function 009E3A3D: GetCurrentThreadId.KERNEL32 ref: 009E3A5E
                                                                  • Part of subcall function 009E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009E25B3), ref: 009E3A65
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A122E3
                                                                  • Part of subcall function 009EE97B: Sleep.KERNEL32 ref: 009EE9F3
                                                                Similarity
                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                • String ID:
                                                                • API String ID: 4196846111-0
                                                                • Opcode ID: 93695345757469335e9c7ebcd2526d988e0f8ca027fcf1aee4ba2211e6e625da
                                                                • Instruction ID: 7d2f861b42ef2ad41352ad510eda4664eab65f82f062881e13534e399f2fc032
                                                                • Opcode Fuzzy Hash: 93695345757469335e9c7ebcd2526d988e0f8ca027fcf1aee4ba2211e6e625da
                                                                • Instruction Fuzzy Hash: 5B716F75A00205AFCB14EFA8C845BEEB7F5EF88320F148459E956EB351D734ED918B90
                                                                APIs
                                                                • IsWindow.USER32(016C5D38), ref: 00A17F37
                                                                • IsWindowEnabled.USER32(016C5D38), ref: 00A17F43
                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00A1801E
                                                                • SendMessageW.USER32(016C5D38,000000B0,?,?), ref: 00A18051
                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00A18089
                                                                • GetWindowLongW.USER32(016C5D38,000000EC), ref: 00A180AB
                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00A180C3
                                                                Similarity
                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                • String ID:
                                                                • API String ID: 4072528602-0
                                                                • Opcode ID: 18715e3849eae1228243b58cc3a24481aef86b515e34e4114c7ce2ecffb782f0
                                                                • Instruction ID: 82185c8cd9da16638a2448c6e9d05564594858d57c493d663fa115496a321118
                                                                • Opcode Fuzzy Hash: 18715e3849eae1228243b58cc3a24481aef86b515e34e4114c7ce2ecffb782f0
                                                                • Instruction Fuzzy Hash: 99717A74608204AFEB21DF64C884FEFBBB9EF09310F145459E955972A1CB35AD86CB20
                                                                APIs
                                                                • GetParent.USER32(?), ref: 009EAEF9
                                                                • GetKeyboardState.USER32(?), ref: 009EAF0E
                                                                • SetKeyboardState.USER32(?), ref: 009EAF6F
                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 009EAF9D
                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 009EAFBC
                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 009EAFFD
                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 009EB020
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: ac0457b4d7592f7ad098dece27aae32ab2aca81a050481c6b6ce7261c666b690
                                                                • Instruction ID: d409124d82289796c2be315928a796bee86c09606663acd538a80c5b2157558c
                                                                • Opcode Fuzzy Hash: ac0457b4d7592f7ad098dece27aae32ab2aca81a050481c6b6ce7261c666b690
                                                                • Instruction Fuzzy Hash: 6751AFA06047D53DFB3783368C45BBBBEA95B46304F088989E1E9558E2C398FC88D751
                                                                APIs
                                                                • GetParent.USER32(00000000), ref: 009EAD19
                                                                • GetKeyboardState.USER32(?), ref: 009EAD2E
                                                                • SetKeyboardState.USER32(?), ref: 009EAD8F
                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 009EADBB
                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 009EADD8
                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 009EAE17
                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 009EAE38
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: a183f1c04071ec4f96e969b352201de918625c829d5cf4754af77086ddb4f43c
                                                                • Instruction ID: 0630ed468f727cea1795a14a3476f2e4ed041d7100d607671e60297da19181f5
                                                                • Opcode Fuzzy Hash: a183f1c04071ec4f96e969b352201de918625c829d5cf4754af77086ddb4f43c
                                                                • Instruction Fuzzy Hash: A851D1A15047D53DFB3382668C95BBABEAD6F46300F08848CE1D9468E2C294FC88D762
                                                                APIs
                                                                • GetConsoleCP.KERNEL32(009C3CD6,?,?,?,?,?,?,?,?,009B5BA3,?,?,009C3CD6,?,?), ref: 009B5470
                                                                • __fassign.LIBCMT ref: 009B54EB
                                                                • __fassign.LIBCMT ref: 009B5506
                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,009C3CD6,00000005,00000000,00000000), ref: 009B552C
                                                                • WriteFile.KERNEL32(?,009C3CD6,00000000,009B5BA3,00000000,?,?,?,?,?,?,?,?,?,009B5BA3,?), ref: 009B554B
                                                                • WriteFile.KERNEL32(?,?,00000001,009B5BA3,00000000,?,?,?,?,?,?,?,?,?,009B5BA3,?), ref: 009B5584
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                • String ID:
                                                                • API String ID: 1324828854-0
                                                                • Opcode ID: e5e7ec65b03eb2cfc861b9875dabd16ac5694199e27284094e7e512ba9a1cc47
                                                                • Instruction ID: 9695fc074a3d171c90828254aebfa5a3669aeeca4e8f83c522114b80cb721805
                                                                • Opcode Fuzzy Hash: e5e7ec65b03eb2cfc861b9875dabd16ac5694199e27284094e7e512ba9a1cc47
                                                                • Instruction Fuzzy Hash: 9F510270A00609AFDB20CFA8D985BEEBBF9EF09321F15411AF955E7291D770DA41CB60
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 009A2D4B
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 009A2D53
                                                                • _ValidateLocalCookies.LIBCMT ref: 009A2DE1
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 009A2E0C
                                                                • _ValidateLocalCookies.LIBCMT ref: 009A2E61
                                                                Strings
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 1170836740-1018135373
                                                                • Opcode ID: 4593c94286b64bc6f2f3dd6df2839ca3863cd0cde693d5cba0f1514e49878de3
                                                                • Instruction ID: d93300ed88ee8a44dbd577cdf58f311f6037401ea7c2c8d7ae687bb775c6328b
                                                                • Opcode Fuzzy Hash: 4593c94286b64bc6f2f3dd6df2839ca3863cd0cde693d5cba0f1514e49878de3
                                                                • Instruction Fuzzy Hash: EF417134A01209ABCF10DF6CC845A9EBBB9BF86328F148155E8146B392D735EA55CBD0
                                                                APIs
                                                                  • Part of subcall function 00A0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A0307A
                                                                  • Part of subcall function 00A0304E: _wcslen.LIBCMT ref: 00A0309B
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00A01112
                                                                • WSAGetLastError.WSOCK32 ref: 00A01121
                                                                • WSAGetLastError.WSOCK32 ref: 00A011C9
                                                                • closesocket.WSOCK32(00000000), ref: 00A011F9
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 2675159561-0
                                                                • Opcode ID: fe07f190adc204147e978c6c4811091507c2547f66ca15d3940f341b0aeadbbb
                                                                • Instruction ID: 02af2845d97112b9c598529fd7012f923348100e0760a59ee61d7990c897b8ca
                                                                • Opcode Fuzzy Hash: fe07f190adc204147e978c6c4811091507c2547f66ca15d3940f341b0aeadbbb
                                                                • Instruction Fuzzy Hash: 7141C371600208AFDB14DF54D884BEABBE9EF85324F148159F9159B2D1D770ED42CBE1
                                                                APIs
                                                                  • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,009ECF22,?), ref: 009EDDFD
                                                                  • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,009ECF22,?), ref: 009EDE16
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 009ECF45
                                                                • MoveFileW.KERNEL32(?,?), ref: 009ECF7F
                                                                • _wcslen.LIBCMT ref: 009ED005
                                                                • _wcslen.LIBCMT ref: 009ED01B
                                                                • SHFileOperationW.SHELL32(?), ref: 009ED061
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                • String ID: \*.*
                                                                • API String ID: 3164238972-1173974218
                                                                • Opcode ID: 1f27cde6e76b02666da86a3b2bd5a1220e3f346abd87c49d79b6edb1eede1acb
                                                                • Instruction ID: 07204f6299b5ebdf215ab42f33085a38c4d2f4fafbcda1369896342028cc089f
                                                                • Opcode Fuzzy Hash: 1f27cde6e76b02666da86a3b2bd5a1220e3f346abd87c49d79b6edb1eede1acb
                                                                • Instruction Fuzzy Hash: EB4166B19452585FDF13EFA5C981BDEB7BDAF48380F0004E6E545EB141EB34AA85CB50
                                                                APIs
                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00A12E1C
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A12E4F
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A12E84
                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00A12EB6
                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00A12EE0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A12EF1
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A12F0B
                                                                Similarity
                                                                • API ID: LongWindow$MessageSend
                                                                • String ID:
                                                                • API String ID: 2178440468-0
                                                                • Opcode ID: 2fd14be2e601c332b5a6b9039bddd5f708b59ce434f7541bc1a42dd40080f867
                                                                • Instruction ID: b568af90b5c60e4434584c0ac608add85464d911b7398b267e0c9bce5599d745
                                                                • Opcode Fuzzy Hash: 2fd14be2e601c332b5a6b9039bddd5f708b59ce434f7541bc1a42dd40080f867
                                                                • Instruction Fuzzy Hash: 0431F234684250AFEB21CF98DC84FA53BE5FB8A721F154164F9108B2B1CB75ECA19B41
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E7769
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E778F
                                                                • SysAllocString.OLEAUT32(00000000), ref: 009E7792
                                                                • SysAllocString.OLEAUT32(?), ref: 009E77B0
                                                                • SysFreeString.OLEAUT32(?), ref: 009E77B9
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 009E77DE
                                                                • SysAllocString.OLEAUT32(?), ref: 009E77EC
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: a3e3e1cfc7f5613de37b24bb7051464598040f388bc7bd63c55b4a4a21d077aa
                                                                • Instruction ID: 1bda2bafbe09fdd40c74fe84c2e702e3c9671c6b6d3817c6a477185ea4853d45
                                                                • Opcode Fuzzy Hash: a3e3e1cfc7f5613de37b24bb7051464598040f388bc7bd63c55b4a4a21d077aa
                                                                • Instruction Fuzzy Hash: FE21B076608219AFDF11DFE9CC88DFBB3ACEB09364B048425FA05DB150D670DC828761
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E7842
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E7868
                                                                • SysAllocString.OLEAUT32(00000000), ref: 009E786B
                                                                • SysAllocString.OLEAUT32 ref: 009E788C
                                                                • SysFreeString.OLEAUT32 ref: 009E7895
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 009E78AF
                                                                • SysAllocString.OLEAUT32(?), ref: 009E78BD
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: eb3597922a63d83243fcda16a0adf2a7c01861457fbba097040fd3b0ba651e7f
                                                                • Instruction ID: 7ed43987119ffb7db4e7fa9b9e2509d5d1b44b18473192e74f71773eda664765
                                                                • Opcode Fuzzy Hash: eb3597922a63d83243fcda16a0adf2a7c01861457fbba097040fd3b0ba651e7f
                                                                • Instruction Fuzzy Hash: 5821B031608214AFDB11DFE9CCCCDAAB7ACEB183607108125F915CB2A0D674DC41CB65
                                                                APIs
                                                                • GetStdHandle.KERNEL32(0000000C), ref: 009F04F2
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 009F052E
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                • Opcode ID: 9573f8f6537203730c120e168737a94fba34bbe246899f54b85b5d873df22773
                                                                • Instruction ID: 4c0121a2518bee8270b385ca0530c364c5da3420c209a2b7d20cf108fae22be2
                                                                • Opcode Fuzzy Hash: 9573f8f6537203730c120e168737a94fba34bbe246899f54b85b5d873df22773
                                                                • Instruction Fuzzy Hash: 11216075500309ABDF209F6ADC44AAA77BCBF95724F204A19FAA1D72E1D7B0D941CF20
                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F6), ref: 009F05C6
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 009F0601
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                • Opcode ID: e938ba35140d7302de59ea1553fc9bd8ed0ac0dc6b15a071817738d5a7e3d5ab
                                                                • Instruction ID: d3ae2396113420eed440d3e9c7500c23e4b3da48fb1849ca9606faf0b23207fd
                                                                • Opcode Fuzzy Hash: e938ba35140d7302de59ea1553fc9bd8ed0ac0dc6b15a071817738d5a7e3d5ab
                                                                • Instruction Fuzzy Hash: AB21A3755003199BDB209F698C04AAA77ECBFD5734F204B19FAB1E72D1D7B09861CB10
                                                                APIs
                                                                  • Part of subcall function 0098600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0098604C
                                                                  • Part of subcall function 0098600E: GetStockObject.GDI32(00000011), ref: 00986060
                                                                  • Part of subcall function 0098600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0098606A
                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00A14112
                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00A1411F
                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00A1412A
                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00A14139
                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00A14145
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                • String ID: Msctls_Progress32
                                                                • API String ID: 1025951953-3636473452
                                                                • Opcode ID: 115dc4951e7ab7b15b8cd833157b2c8e33cd6ffdf8ffca91be56f989fe952faa
                                                                • Instruction ID: 03f9bf19b62e03bf4aa05d62dc87725f695dda1045f4b05c7726c8b9eec98e2e
                                                                • Opcode Fuzzy Hash: 115dc4951e7ab7b15b8cd833157b2c8e33cd6ffdf8ffca91be56f989fe952faa
                                                                • Instruction Fuzzy Hash: B711B2B2140219BEEF119FA4CC86EE77F6DEF097A8F004210BA18A6150C7769C61DBA4
                                                                APIs
                                                                  • Part of subcall function 009BD7A3: _free.LIBCMT ref: 009BD7CC
                                                                • _free.LIBCMT ref: 009BD82D
                                                                  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                • _free.LIBCMT ref: 009BD838
                                                                • _free.LIBCMT ref: 009BD843
                                                                • _free.LIBCMT ref: 009BD897
                                                                • _free.LIBCMT ref: 009BD8A2
                                                                • _free.LIBCMT ref: 009BD8AD
                                                                • _free.LIBCMT ref: 009BD8B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 009EDA74
                                                                • LoadStringW.USER32(00000000), ref: 009EDA7B
                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 009EDA91
                                                                • LoadStringW.USER32(00000000), ref: 009EDA98
                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 009EDADC
                                                                Strings
                                                                • %s (%d) : ==> %s: %s %s, xrefs: 009EDAB9
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message
                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                • API String ID: 4072794657-3128320259
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(016BF048,016BF048), ref: 009F097B
                                                                • EnterCriticalSection.KERNEL32(016BF028,00000000), ref: 009F098D
                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 009F099B
                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 009F09A9
                                                                • CloseHandle.KERNEL32(?), ref: 009F09B8
                                                                • InterlockedExchange.KERNEL32(016BF048,000001F6), ref: 009F09C8
                                                                • LeaveCriticalSection.KERNEL32(016BF028), ref: 009F09CF
                                                                Similarity
                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                • String ID:
                                                                • API String ID: 3495660284-0
                                                                APIs
                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00A01DC0
                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00A01DE1
                                                                • WSAGetLastError.WSOCK32 ref: 00A01DF2
                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00A01EDB
                                                                • inet_ntoa.WSOCK32(?), ref: 00A01E8C
                                                                  • Part of subcall function 009E39E8: _strlen.LIBCMT ref: 009E39F2
                                                                  • Part of subcall function 00A03224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,009FEC0C), ref: 00A03240
                                                                • _strlen.LIBCMT ref: 00A01F35
                                                                Similarity
                                                                • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                • String ID:
                                                                • API String ID: 3203458085-0
                                                                APIs
                                                                • GetClientRect.USER32(?,?), ref: 00985D30
                                                                • GetWindowRect.USER32(?,?), ref: 00985D71
                                                                • ScreenToClient.USER32(?,?), ref: 00985D99
                                                                • GetClientRect.USER32(?,?), ref: 00985ED7
                                                                • GetWindowRect.USER32(?,?), ref: 00985EF8
                                                                Similarity
                                                                • API ID: Rect$Client$Window$Screen
                                                                • String ID:
                                                                • API String ID: 1296646539-0
                                                                APIs
                                                                • __allrem.LIBCMT ref: 009B00BA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B00D6
                                                                • __allrem.LIBCMT ref: 009B00ED
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B010B
                                                                • __allrem.LIBCMT ref: 009B0122
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B0140
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                • String ID:
                                                                • API String ID: 1992179935-0
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,009A82D9,009A82D9,?,?,?,009B644F,00000001,00000001,8BE85006), ref: 009B6258
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,009B644F,00000001,00000001,8BE85006,?,?,?), ref: 009B62DE
                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 009B63D8
                                                                • __freea.LIBCMT ref: 009B63E5
                                                                  • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
                                                                • __freea.LIBCMT ref: 009B63EE
                                                                • __freea.LIBCMT ref: 009B6413
                                                                Similarity
                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1414292761-0
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0BCCA
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A0BD25
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00A0BD6A
                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00A0BD99
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A0BDF3
                                                                • RegCloseKey.ADVAPI32(?), ref: 00A0BDFF
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                • String ID:
                                                                • API String ID: 1120388591-0
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000035), ref: 009DF7B9
                                                                • SysAllocString.OLEAUT32(00000001), ref: 009DF860
                                                                • VariantCopy.OLEAUT32(009DFA64,00000000), ref: 009DF889
                                                                • VariantClear.OLEAUT32(009DFA64), ref: 009DF8AD
                                                                • VariantCopy.OLEAUT32(009DFA64,00000000), ref: 009DF8B1
                                                                • VariantClear.OLEAUT32(?), ref: 009DF8BB
                                                                Similarity
                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                • String ID:
                                                                • API String ID: 3859894641-0
                                                                APIs
                                                                  • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 009F94E5
                                                                • _wcslen.LIBCMT ref: 009F9506
                                                                • _wcslen.LIBCMT ref: 009F952D
                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 009F9585
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$FileName$OpenSave
                                                                • String ID: X
                                                                • API String ID: 83654149-3081909835
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • BeginPaint.USER32(?,?,?), ref: 00999241
                                                                • GetWindowRect.USER32(?,?), ref: 009992A5
                                                                • ScreenToClient.USER32(?,?), ref: 009992C2
                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 009992D3
                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00999321
                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 009D71EA
                                                                  • Part of subcall function 00999339: BeginPath.GDI32(00000000), ref: 00999357
                                                                Similarity
                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                • String ID:
                                                                • API String ID: 3050599898-0
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 009F080C
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 009F0847
                                                                • EnterCriticalSection.KERNEL32(?), ref: 009F0863
                                                                • LeaveCriticalSection.KERNEL32(?), ref: 009F08DC
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009F08F3
                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 009F0921
                                                                Similarity
                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                • String ID:
                                                                • API String ID: 3368777196-0
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,009DF3AB,00000000,?,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 00A1824C
                                                                • EnableWindow.USER32(?,00000000), ref: 00A18272
                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00A182D1
                                                                • ShowWindow.USER32(?,00000004), ref: 00A182E5
                                                                • EnableWindow.USER32(?,00000001), ref: 00A1830B
                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00A1832F
                                                                Similarity
                                                                • API ID: Window$Show$Enable$MessageSend
                                                                • String ID:
                                                                • API String ID: 642888154-0
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 009E4C95
                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 009E4CB2
                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 009E4CEA
                                                                • _wcslen.LIBCMT ref: 009E4D08
                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 009E4D10
                                                                • _wcsstr.LIBVCRUNTIME ref: 009E4D1A
                                                                Similarity
                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                • String ID:
                                                                • API String ID: 72514467-0
                                                                APIs
                                                                  • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
                                                                • _wcslen.LIBCMT ref: 009F587B
                                                                • CoInitialize.OLE32(00000000), ref: 009F5995
                                                                • CoCreateInstance.OLE32(00A1FCF8,00000000,00000001,00A1FB68,?), ref: 009F59AE
                                                                • CoUninitialize.OLE32 ref: 009F59CC
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 3172280962-24824748
                                                                APIs
                                                                  • Part of subcall function 009E0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 009E0FCA
                                                                  • Part of subcall function 009E0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 009E0FD6
                                                                  • Part of subcall function 009E0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 009E0FE5
                                                                  • Part of subcall function 009E0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 009E0FEC
                                                                  • Part of subcall function 009E0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 009E1002
                                                                • GetLengthSid.ADVAPI32(?,00000000,009E1335), ref: 009E17AE
                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 009E17BA
                                                                • HeapAlloc.KERNEL32(00000000), ref: 009E17C1
                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 009E17DA
                                                                • GetProcessHeap.KERNEL32(00000000,00000000,009E1335), ref: 009E17EE
                                                                • HeapFree.KERNEL32(00000000), ref: 009E17F5
                                                                Similarity
                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                • String ID:
                                                                • API String ID: 3008561057-0
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 009E14FF
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 009E1506
                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 009E1515
                                                                • CloseHandle.KERNEL32(00000004), ref: 009E1520
                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 009E154F
                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 009E1563
                                                                Similarity
                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                • String ID:
                                                                • API String ID: 1413079979-0
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,009A3379,009A2FE5), ref: 009A3390
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009A339E
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009A33B7
                                                                • SetLastError.KERNEL32(00000000,?,009A3379,009A2FE5), ref: 009A3409
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,009B5686,009C3CD6,?,00000000,?,009B5B6A,?,?,?,?,?,009AE6D1,?,00A48A48), ref: 009B2D78
                                                                • _free.LIBCMT ref: 009B2DAB
                                                                • _free.LIBCMT ref: 009B2DD3
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,009AE6D1,?,00A48A48,00000010,00984F4A,?,?,00000000,009C3CD6), ref: 009B2DE0
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,009AE6D1,?,00A48A48,00000010,00984F4A,?,?,00000000,009C3CD6), ref: 009B2DEC
                                                                • _abort.LIBCMT ref: 009B2DF2
                                                                Similarity
                                                                • API ID: ErrorLast$_free$_abort
                                                                • String ID:
                                                                • API String ID: 3160817290-0
                                                                APIs
                                                                  • Part of subcall function 00999639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
                                                                  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996A2
                                                                  • Part of subcall function 00999639: BeginPath.GDI32(?), ref: 009996B9
                                                                  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996E2
                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00A18A4E
                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00A18A62
                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00A18A70
                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00A18A80
                                                                • EndPath.GDI32(?), ref: 00A18A90
                                                                • StrokePath.GDI32(?), ref: 00A18AA0
                                                                Similarity
                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                • String ID:
                                                                • API String ID: 43455801-0
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 009E5218
                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 009E5229
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 009E5230
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 009E5238
                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 009E524F
                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 009E5261
                                                                Similarity
                                                                • API ID: CapsDevice$Release
                                                                • String ID:
                                                                • API String ID: 1035833867-0
                                                                APIs
                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00981BF4
                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00981BFC
                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00981C07
                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00981C12
                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00981C1A
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00981C22
                                                                Similarity
                                                                • API ID: Virtual
                                                                • String ID:
                                                                • API String ID: 4278518827-0
                                                                APIs
                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 009EEB30
                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 009EEB46
                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 009EEB55
                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB64
                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB6E
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB75
                                                                Similarity
                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 839392675-0
                                                                APIs
                                                                • GetClientRect.USER32(?), ref: 009D7452
                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 009D7469
                                                                • GetWindowDC.USER32(?), ref: 009D7475
                                                                • GetPixel.GDI32(00000000,?,?), ref: 009D7484
                                                                • ReleaseDC.USER32(?,00000000), ref: 009D7496
                                                                • GetSysColor.USER32(00000005), ref: 009D74B0
                                                                Similarity
                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                • String ID:
                                                                • API String ID: 272304278-0
                                                                APIs
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 009E187F
                                                                • UnloadUserProfile.USERENV(?,?), ref: 009E188B
                                                                • CloseHandle.KERNEL32(?), ref: 009E1894
                                                                • CloseHandle.KERNEL32(?), ref: 009E189C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 009E18A5
                                                                • HeapFree.KERNEL32(00000000), ref: 009E18AC
                                                                Similarity
                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                • String ID:
                                                                • API String ID: 146765662-0
                                                                APIs
                                                                  • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 009EC6EE
                                                                • _wcslen.LIBCMT ref: 009EC735
                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 009EC79C
                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 009EC7CA
                                                                Strings
                                                                Similarity
                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                • String ID: 0
                                                                • API String ID: 1227352736-4108050209
                                                                APIs
                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 009E7206
                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 009E723C
                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 009E724D
                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 009E72CF
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                • String ID: DllGetClassObject
                                                                • API String ID: 753597075-1075368562
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A13E35
                                                                • IsMenu.USER32(?), ref: 00A13E4A
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A13E92
                                                                • DrawMenuBar.USER32 ref: 00A13EA5
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                • String ID: 0
                                                                • API String ID: 3076010158-4108050209
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 009E1E66
                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 009E1E79
                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 009E1EA9
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 2081771294-1403004172
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00A12F8D
                                                                • LoadLibraryW.KERNEL32(?), ref: 00A12F94
                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00A12FA9
                                                                • DestroyWindow.USER32(?), ref: 00A12FB1
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                • String ID: SysAnimate32
                                                                • API String ID: 3529120543-1011021900
                                                                • Opcode ID: 67540b6390a2d64f7d92c9896b7975764ab0ddb83de6898268355cf1a30f665d
                                                                • Instruction ID: 6651d5ce17af9d2f938a8370f4994ad32f53ad0f2155e8a3670f7111ffbee7c6
                                                                • Opcode Fuzzy Hash: 67540b6390a2d64f7d92c9896b7975764ab0ddb83de6898268355cf1a30f665d
                                                                • Instruction Fuzzy Hash: 16218C71204209ABEB209FA4DC84FFB77BDEB99364F104618F950D6190D771DCB29760
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,009A4D1E,009B28E9,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002), ref: 009A4D8D
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009A4DA0
                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,009A4D1E,009B28E9,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002,00000000), ref: 009A4DC3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: a92e5c82566d96527eab7dd5e3b43919713edcf74edc9c19bd73acdf8fc562da
                                                                • Instruction ID: 8416ef6afd8f6a5751c30f5cbe3dd7f4a01c6a3b7c20766a14ce29588e079991
                                                                • Opcode Fuzzy Hash: a92e5c82566d96527eab7dd5e3b43919713edcf74edc9c19bd73acdf8fc562da
                                                                • Instruction Fuzzy Hash: 8AF04435580218BBDB119F94DC49BDDBBB9EF85761F044164F805A6190CB759941CAD0
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E9C
                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00984EAE
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984EC0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-3689287502
                                                                • Opcode ID: 81612ea1894030b9bcc87f831065e64b07fc697b6584aed6e2aa41268b745ce8
                                                                • Instruction ID: 7feee1776254bbd97b3258ecd9e5fbda593bd3c39ed662de898b4a61f624d7a8
                                                                • Opcode Fuzzy Hash: 81612ea1894030b9bcc87f831065e64b07fc697b6584aed6e2aa41268b745ce8
                                                                • Instruction Fuzzy Hash: F1E0CD36AC55237BD2316B656C18B9F665CBFC1F737054215FC00E2301DB64CD0241A1
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E62
                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00984E74
                                                                • FreeLibrary.KERNEL32(00000000,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E87
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-1355242751
                                                                • Opcode ID: c264ab2363bf0889ea0f13abf060f5ef0ab5e83c53bab4e55b02980419319f29
                                                                • Instruction ID: 94f03d3eb1c7e41a45f8e96f72439a544d6ef83d9bcd6769ec6bef958f9dc66c
                                                                • Opcode Fuzzy Hash: c264ab2363bf0889ea0f13abf060f5ef0ab5e83c53bab4e55b02980419319f29
                                                                • Instruction Fuzzy Hash: 45D0C23658262277CA222B247C08DCB2A1CBF81F313054610B801E2211CF24CD0282D1
                                                                APIs
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 009F2C05
                                                                • DeleteFileW.KERNEL32(?), ref: 009F2C87
                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 009F2C9D
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 009F2CAE
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 009F2CC0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: File$Delete$Copy
                                                                • String ID:
                                                                • API String ID: 3226157194-0
                                                                • Opcode ID: ac0c8383a293564cef8ecb5fa8d9f38aeb82c25dd936ed70453d5d5ed57a7375
                                                                • Instruction ID: db5c590cd4916086a1736d80a31349c064743f4d84c39ad3e7cb769c71c23f54
                                                                • Opcode Fuzzy Hash: ac0c8383a293564cef8ecb5fa8d9f38aeb82c25dd936ed70453d5d5ed57a7375
                                                                • Instruction Fuzzy Hash: D1B12D7290111DABDF11EFA4CC85FEEBB7DEF89350F1040A6F609E6151EA349A448BA1
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32 ref: 00A0A427
                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00A0A435
                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00A0A468
                                                                • CloseHandle.KERNEL32(?), ref: 00A0A63D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                • String ID:
                                                                • API String ID: 3488606520-0
                                                                • Opcode ID: cd35611ca750a915ac705a556a0868e2147bef83e9564fb430f2ad9756fe2f69
                                                                • Instruction ID: 9aa4aca7a4f40219e1507c68bc0a2f018ee050ba711fa84e0bd599e90e4ab2e1
                                                                • Opcode Fuzzy Hash: cd35611ca750a915ac705a556a0868e2147bef83e9564fb430f2ad9756fe2f69
                                                                • Instruction Fuzzy Hash: F9A19271604300AFE720EF28D886F2AB7E5AF94714F14885DF55A9B3D2D771EC418B92
                                                                APIs
                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00A23700), ref: 009BBB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00A5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 009BBC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00A51270,000000FF,?,0000003F,00000000,?), ref: 009BBC36
                                                                • _free.LIBCMT ref: 009BBB7F
                                                                  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                • _free.LIBCMT ref: 009BBD4B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                • String ID:
                                                                • API String ID: 1286116820-0
                                                                • Opcode ID: 1a22c7714591324b679586ec0149972ae83a058e6af34f1d8a278852cf17b95e
                                                                • Instruction ID: 656fb93c5572270a6a53aa9887b4080418459e772338b726823a121732755ef9
                                                                • Opcode Fuzzy Hash: 1a22c7714591324b679586ec0149972ae83a058e6af34f1d8a278852cf17b95e
                                                                • Instruction Fuzzy Hash: 2C51A671900219AFCB10DFA99E81AFEBBBCFB81770F10466AE554D71D1EBB09E418B50
                                                                APIs
                                                                  • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,009ECF22,?), ref: 009EDDFD
                                                                  • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,009ECF22,?), ref: 009EDE16
                                                                  • Part of subcall function 009EE199: GetFileAttributesW.KERNEL32(?,009ECF95), ref: 009EE19A
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 009EE473
                                                                • MoveFileW.KERNEL32(?,?), ref: 009EE4AC
                                                                • _wcslen.LIBCMT ref: 009EE5EB
                                                                • _wcslen.LIBCMT ref: 009EE603
                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 009EE650
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                • String ID:
                                                                • API String ID: 3183298772-0
                                                                • Opcode ID: cb0d7f68bb6a755deb66f324332ec5e23cc5cf4e94f684ab9265fd16b46e16cf
                                                                • Instruction ID: a1a49416dfc05210d6bf06c00746fc7843c65d70affd13ea63962942e924a75d
                                                                • Opcode Fuzzy Hash: cb0d7f68bb6a755deb66f324332ec5e23cc5cf4e94f684ab9265fd16b46e16cf
                                                                • Instruction Fuzzy Hash: 165173B24083859BC725EB90DC85AEFB3ECAFC5350F00491EF589D3191EF75A6888766
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
                                                                  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0BAA5
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A0BB00
                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00A0BB63
                                                                • RegCloseKey.ADVAPI32(?,?), ref: 00A0BBA6
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00A0BBB3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                • String ID:
                                                                • API String ID: 826366716-0
                                                                • Opcode ID: b33d253369d085e47cf5a59a67d1580c2abda32871ecd8189a3fa4e6aeab9842
                                                                • Instruction ID: 3e3a2a54f159c52b17b8e6b75dfed78b0db6de24ef2f409a0d4cc4bb404dcdb7
                                                                • Opcode Fuzzy Hash: b33d253369d085e47cf5a59a67d1580c2abda32871ecd8189a3fa4e6aeab9842
                                                                • Instruction Fuzzy Hash: 0961BF31218205AFD314DF24D590F2ABBE5FF85348F14895CF49A8B2A2DB31ED45CBA2
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 009E8BCD
                                                                • VariantClear.OLEAUT32 ref: 009E8C3E
                                                                • VariantClear.OLEAUT32 ref: 009E8C9D
                                                                • VariantClear.OLEAUT32(?), ref: 009E8D10
                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 009E8D3B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Variant$Clear$ChangeInitType
                                                                • String ID:
                                                                • API String ID: 4136290138-0
                                                                • Opcode ID: 8b1de9c69cd7c85493fbe455cc4b5b6fcb5d4e24aaad0c39c718c11bc03504ad
                                                                • Instruction ID: 9458d7dc6bec4920f1953586f929d6925f41107e424c18d0038c3cb8a2672759
                                                                • Opcode Fuzzy Hash: 8b1de9c69cd7c85493fbe455cc4b5b6fcb5d4e24aaad0c39c718c11bc03504ad
                                                                • Instruction Fuzzy Hash: 385178B5A00659EFCB10CFA9C884AAAB7F9FF89310B158559F949DB350E730E911CF90
                                                                APIs
                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 009F8BAE
                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 009F8BDA
                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 009F8C32
                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 009F8C57
                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 009F8C5F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                • String ID:
                                                                • API String ID: 2832842796-0
                                                                • Opcode ID: 16b8937b04d90136941c280ca439831fc64d001da72dcc59fcbcb198104756ad
                                                                • Instruction ID: 99bcf0d2cb9b1d54bea9200ca960cd985a6c0145c6952d4c6f9f26586b6a975a
                                                                • Opcode Fuzzy Hash: 16b8937b04d90136941c280ca439831fc64d001da72dcc59fcbcb198104756ad
                                                                • Instruction Fuzzy Hash: 9E514035A002199FCB05EF54C881E6EBBF5FF49314F088458E949AB362DB35ED51CBA0
                                                                APIs
                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00A08F40
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00A08FD0
                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00A08FEC
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00A09032
                                                                • FreeLibrary.KERNEL32(00000000), ref: 00A09052
                                                                  • Part of subcall function 0099F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,009F1043,?,75C0E610), ref: 0099F6E6
                                                                  • Part of subcall function 0099F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,009DFA64,00000000,00000000,?,?,009F1043,?,75C0E610,?,009DFA64), ref: 0099F70D
                                                                Similarity
                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                • String ID:
                                                                • API String ID: 666041331-0
                                                                • Opcode ID: f004a7aa46eba75f4d9f06a569e82fea61e4687f7f93a77591905cab586b96ae
                                                                • Instruction ID: b5679399c1e29943a75a4cf9e87693b24a105f893199d441c043e3a907ad754c
                                                                • Opcode Fuzzy Hash: f004a7aa46eba75f4d9f06a569e82fea61e4687f7f93a77591905cab586b96ae
                                                                • Instruction Fuzzy Hash: 5C514035604209DFC715EF68D4949ADBBF1FF49324B0880A8E8459B7A2DB31ED86CF91
                                                                APIs
                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00A16C33
                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00A16C4A
                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00A16C73
                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,009FAB79,00000000,00000000), ref: 00A16C98
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00A16CC7
                                                                Similarity
                                                                • API ID: Window$Long$MessageSendShow
                                                                • String ID:
                                                                • API String ID: 3688381893-0
                                                                • Opcode ID: eb991aedd81e60ec088850f9fc70fe48fdd88f828f932828dd60a388853a0aa3
                                                                • Instruction ID: d49461715a3f665373127f938a997e5f8b334d203e3d57ad6810a72ae9e5539a
                                                                • Opcode Fuzzy Hash: eb991aedd81e60ec088850f9fc70fe48fdd88f828f932828dd60a388853a0aa3
                                                                • Instruction Fuzzy Hash: 4B41B439644104AFD724CF68CD58FE97BA9EB09360F154268F995E72E0D371AD81CA90
                                                                APIs
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                • Opcode ID: 9c26de1b54dd228f2620ccf3d04b86af2921982987511f315e116b16106dbd01
                                                                • Instruction ID: 95740bfd6eed466660426b55a6866876260bb165b1d1c611384f683e26ad2079
                                                                • Opcode Fuzzy Hash: 9c26de1b54dd228f2620ccf3d04b86af2921982987511f315e116b16106dbd01
                                                                • Instruction Fuzzy Hash: EB41E476A00200AFCB24DFB8CA81A9DB7F5EFC9324F154568E515EB355DB31AD01CB80
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00999141
                                                                • ScreenToClient.USER32(00000000,?), ref: 0099915E
                                                                • GetAsyncKeyState.USER32(00000001), ref: 00999183
                                                                • GetAsyncKeyState.USER32(00000002), ref: 0099919D
                                                                Similarity
                                                                • API ID: AsyncState$ClientCursorScreen
                                                                • String ID:
                                                                • API String ID: 4210589936-0
                                                                • Opcode ID: ff0c9822d4cffef1541b35c0ca393e8d53ed66f486da54253beab1e0f5feef4a
                                                                • Instruction ID: c91e704ce05efdb545e71ad33230c90237432ede2965eea9ba572a879be58f01
                                                                • Opcode Fuzzy Hash: ff0c9822d4cffef1541b35c0ca393e8d53ed66f486da54253beab1e0f5feef4a
                                                                • Instruction Fuzzy Hash: 57415E31A4C61AFBDF159FA8C844BEEF779FB05320F20871AE425A62D0D7346990CB91
                                                                APIs
                                                                • GetInputState.USER32 ref: 009F38CB
                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 009F3922
                                                                • TranslateMessage.USER32(?), ref: 009F394B
                                                                • DispatchMessageW.USER32(?), ref: 009F3955
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009F3966
                                                                Similarity
                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                • String ID:
                                                                • API String ID: 2256411358-0
                                                                • Opcode ID: 9f76264cc2d848c14f0742b5671a3a57272d1f0b436c02b6d40c966dba3fafc8
                                                                • Instruction ID: f652c307c5cdbc0b5386bad92d04bec2c8a85e86b0e6027454a7484105f57d9e
                                                                • Opcode Fuzzy Hash: 9f76264cc2d848c14f0742b5671a3a57272d1f0b436c02b6d40c966dba3fafc8
                                                                • Instruction Fuzzy Hash: FB31F77054434ADEEB35CBB5D848BB637ECAB01351F04856DE662821A0E3FC9AC6CB11
                                                                APIs
                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 009FCF38
                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 009FCF6F
                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,009FC21E,00000000), ref: 009FCFB4
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,009FC21E,00000000), ref: 009FCFC8
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,009FC21E,00000000), ref: 009FCFF2
                                                                Similarity
                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                • String ID:
                                                                • API String ID: 3191363074-0
                                                                • Opcode ID: 950c6c3d6a9a024da9145057f2407522fecd15a054ee028f6c5d0a676511f3b0
                                                                • Instruction ID: 00f852fb88fc557f54db8264788b0f856fdfa0bd47b94444168435823011db0f
                                                                • Opcode Fuzzy Hash: 950c6c3d6a9a024da9145057f2407522fecd15a054ee028f6c5d0a676511f3b0
                                                                • Instruction Fuzzy Hash: F2314CB150420DAFDB20DFA5CA84ABBFBFDEB14351B10842EF616D2141DB34AE41DB60
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 009E1915
                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 009E19C1
                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 009E19C9
                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 009E19DA
                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 009E19E2
                                                                Similarity
                                                                • API ID: MessagePostSleep$RectWindow
                                                                • String ID:
                                                                • API String ID: 3382505437-0
                                                                • Opcode ID: 9b9f30c64515e281a363a8145282481ff444b2395db11c486af02592147b9400
                                                                • Instruction ID: 17bc8b0c484923f6d39a4726cdbb36ef77b5b87c0e72e61c10770840475d3dba
                                                                • Opcode Fuzzy Hash: 9b9f30c64515e281a363a8145282481ff444b2395db11c486af02592147b9400
                                                                • Instruction Fuzzy Hash: 3831D471900259EFCB00CFA9DD99ADE3BB5FB44325F108225F961A72D2C7709D44CB90
                                                                APIs
                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00A15745
                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00A1579D
                                                                • _wcslen.LIBCMT ref: 00A157AF
                                                                • _wcslen.LIBCMT ref: 00A157BA
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A15816
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen
                                                                • String ID:
                                                                • API String ID: 763830540-0
                                                                • Opcode ID: 2bb0de54c4b2a73ccefe1fe8b1eddcb330aeb984cde1fdec375bd81643d3015e
                                                                • Instruction ID: 7c0166f65628e929da0ba22579b15806155c9c6a84e4d753a2e9477b75b42739
                                                                • Opcode Fuzzy Hash: 2bb0de54c4b2a73ccefe1fe8b1eddcb330aeb984cde1fdec375bd81643d3015e
                                                                • Instruction Fuzzy Hash: 75217171D04618DADB209FB4CC85AEEB7B9FF85724F108616E929EA1C0D77489C5CF90
                                                                APIs
                                                                • IsWindow.USER32(00000000), ref: 00A00951
                                                                • GetForegroundWindow.USER32 ref: 00A00968
                                                                • GetDC.USER32(00000000), ref: 00A009A4
                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00A009B0
                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00A009E8
                                                                Similarity
                                                                • API ID: Window$ForegroundPixelRelease
                                                                • String ID:
                                                                • API String ID: 4156661090-0
                                                                • Opcode ID: 4b14ff891bfe735bf534665caa7ba94c3bf479a72363bbeb900bf4fb6821b005
                                                                • Instruction ID: 88a3685e51a21a0ae63c9892d7b99c484710a27b0602c1f5b8a04bb08fd47452
                                                                • Opcode Fuzzy Hash: 4b14ff891bfe735bf534665caa7ba94c3bf479a72363bbeb900bf4fb6821b005
                                                                • Instruction Fuzzy Hash: 99218175600204AFD704EFA5D884FAEBBF5EF84750F048068F95A97362CB70AC45CB90
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 009BCDC6
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009BCDE9
                                                                  • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 009BCE0F
                                                                • _free.LIBCMT ref: 009BCE22
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009BCE31
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                • String ID:
                                                                • API String ID: 336800556-0
                                                                • Opcode ID: 1cbc242f205076532fbdb534e59abbbed7aeaaea114bf064c28d872a459ebb71
                                                                • Instruction ID: f5398f2c1febbf07e0f1ff8cfde0f8282f95b8159329c5221bd0bfc852d252f4
                                                                • Opcode Fuzzy Hash: 1cbc242f205076532fbdb534e59abbbed7aeaaea114bf064c28d872a459ebb71
                                                                • Instruction Fuzzy Hash: 6C01A7B2601615BF63215AF66D8CDFBBA6DDEC6FB13154129FD05DB201EA61CD0281B0
                                                                APIs
                                                                • GetSysColor.USER32(00000008), ref: 009998CC
                                                                • SetTextColor.GDI32(?,?), ref: 009998D6
                                                                • SetBkMode.GDI32(?,00000001), ref: 009998E9
                                                                • GetStockObject.GDI32(00000005), ref: 009998F1
                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00999952
                                                                Similarity
                                                                • API ID: Color$LongModeObjectStockTextWindow
                                                                APIs
                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
                                                                • SelectObject.GDI32(?,00000000), ref: 009996A2
                                                                • BeginPath.GDI32(?), ref: 009996B9
                                                                • SelectObject.GDI32(?,00000000), ref: 009996E2
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                APIs
                                                                Similarity
                                                                • API ID: _memcmp
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,009AF2DE,009B3863,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6), ref: 009B2DFD
                                                                • _free.LIBCMT ref: 009B2E32
                                                                • _free.LIBCMT ref: 009B2E59
                                                                • SetLastError.KERNEL32(00000000,00981129), ref: 009B2E66
                                                                • SetLastError.KERNEL32(00000000,00981129), ref: 009B2E6F
                                                                Similarity
                                                                • API ID: ErrorLast$_free
                                                                APIs
                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?,?,009E035E), ref: 009E002B
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0046
                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0054
                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?), ref: 009E0064
                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0070
                                                                Similarity
                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 009EE997
                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 009EE9A5
                                                                • Sleep.KERNEL32(00000000), ref: 009EE9AD
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 009EE9B7
                                                                • Sleep.KERNEL32 ref: 009EE9F3
                                                                Similarity
                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                APIs
                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 009E1114
                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1120
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E112F
                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1136
                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 009E114D
                                                                Similarity
                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 009E0FCA
                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 009E0FD6
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 009E0FE5
                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 009E0FEC
                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 009E1002
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 009E102A
                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 009E1036
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1045
                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 009E104C
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1062
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                APIs
                                                                • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0324
                                                                • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0331
                                                                • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F033E
                                                                • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F034B
                                                                • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0358
                                                                • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0365
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                APIs
                                                                • _free.LIBCMT ref: 009BD752
                                                                  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                • _free.LIBCMT ref: 009BD764
                                                                • _free.LIBCMT ref: 009BD776
                                                                • _free.LIBCMT ref: 009BD788
                                                                • _free.LIBCMT ref: 009BD79A
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003E9), ref: 009E5C58
                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 009E5C6F
                                                                • MessageBeep.USER32(00000000), ref: 009E5C87
                                                                • KillTimer.USER32(?,0000040A), ref: 009E5CA3
                                                                • EndDialog.USER32(?,00000001), ref: 009E5CBD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                • String ID:
                                                                • API String ID: 3741023627-0
                                                                • Opcode ID: ff1d7340b1727e2427f67e6ebb70765fc6b2b6b25a97fbf471db5860b24c7ab7
                                                                • Instruction ID: 45efc56679fce4d29d27d353130abd970d5984ab978ce0c0cc161d1a7b031728
                                                                • Opcode Fuzzy Hash: ff1d7340b1727e2427f67e6ebb70765fc6b2b6b25a97fbf471db5860b24c7ab7
                                                                • Instruction Fuzzy Hash: 5301AD30540B04ABEB21AB51DD5EFE677B8BB04B09F011559E293A10E1DBF4AD85CA90
                                                                APIs
                                                                • _free.LIBCMT ref: 009B22BE
                                                                  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                • _free.LIBCMT ref: 009B22D0
                                                                • _free.LIBCMT ref: 009B22E3
                                                                • _free.LIBCMT ref: 009B22F4
                                                                • _free.LIBCMT ref: 009B2305
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: 2e2a3233b422b00eff0e2dedd099b25207ff2f19133f5d32a5aa2134674109c5
                                                                • Instruction ID: 7ec0b099663c8f2da13669fbbaf792cc5bb8d0efc6a317468a707145b7c194e1
                                                                • Opcode Fuzzy Hash: 2e2a3233b422b00eff0e2dedd099b25207ff2f19133f5d32a5aa2134674109c5
                                                                • Instruction Fuzzy Hash: 3CF0F4794013109BC692EFD8BE01EDC3B69F759772B050A56F418D6271C73105539FE5
                                                                APIs
                                                                • EndPath.GDI32(?), ref: 009995D4
                                                                • StrokeAndFillPath.GDI32(?,?,009D71F7,00000000,?,?,?), ref: 009995F0
                                                                • SelectObject.GDI32(?,00000000), ref: 00999603
                                                                • DeleteObject.GDI32 ref: 00999616
                                                                • StrokePath.GDI32(?), ref: 00999631
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                • String ID:
                                                                • API String ID: 2625713937-0
                                                                • Opcode ID: 2df6036c5b76c51de6643ad0a0a69c6ef495afb2b79176d6773cc899caa51459
                                                                • Instruction ID: aa65775e2b8202a43e09ca72700a3e41b7e1de87c5da747cbb4184df4f2c7e64
                                                                • Opcode Fuzzy Hash: 2df6036c5b76c51de6643ad0a0a69c6ef495afb2b79176d6773cc899caa51459
                                                                • Instruction Fuzzy Hash: B6F01430046308EBDB22DFADED18BB93BA9BB05372F448218F865950F0C7308992DF64
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: __freea$_free
                                                                • String ID: a/p$am/pm
                                                                • API String ID: 3432400110-3206640213
                                                                • Opcode ID: 2065fff7083eb4130703fc692bb2d508176a5d9dcf4e59d919e70c8025315f53
                                                                • Instruction ID: 8ee1d93c4cec42699cd7ad7f74353e61503a8454899b1c595cd4e799fcd561ae
                                                                • Opcode Fuzzy Hash: 2065fff7083eb4130703fc692bb2d508176a5d9dcf4e59d919e70c8025315f53
                                                                • Instruction Fuzzy Hash: 0FD12831904206CBCB249F68CA69BFEB7F8FF46330FA84519E5119B650E3759D80CB91
                                                                APIs
                                                                  • Part of subcall function 009A0242: EnterCriticalSection.KERNEL32(00A5070C,00A51884,?,?,0099198B,00A52518,?,?,?,009812F9,00000000), ref: 009A024D
                                                                  • Part of subcall function 009A0242: LeaveCriticalSection.KERNEL32(00A5070C,?,0099198B,00A52518,?,?,?,009812F9,00000000), ref: 009A028A
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009A00A3: __onexit.LIBCMT ref: 009A00A9
                                                                • __Init_thread_footer.LIBCMT ref: 00A07BFB
                                                                  • Part of subcall function 009A01F8: EnterCriticalSection.KERNEL32(00A5070C,?,?,00998747,00A52514), ref: 009A0202
                                                                  • Part of subcall function 009A01F8: LeaveCriticalSection.KERNEL32(00A5070C,?,00998747,00A52514), ref: 009A0235
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                • API String ID: 535116098-3733170431
                                                                • Opcode ID: 4e3467421033bd338ed25eb70766a8c5fabf54f38a1dd3055691c7f9393e3caf
                                                                • Instruction ID: 2c1d238e636b8c27b7ab14d3eb385c4a64d0c9a47d532d456886a39c421f5c3f
                                                                • Opcode Fuzzy Hash: 4e3467421033bd338ed25eb70766a8c5fabf54f38a1dd3055691c7f9393e3caf
                                                                • Instruction Fuzzy Hash: 01917C74A04209AFCB14EF94E991ABEB7B1FF89300F148059F8069B291DB71AE45CB51
                                                                APIs
                                                                  • Part of subcall function 009EB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009E21D0,?,?,00000034,00000800,?,00000034), ref: 009EB42D
                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 009E2760
                                                                  • Part of subcall function 009EB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009E21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 009EB3F8
                                                                  • Part of subcall function 009EB32A: GetWindowThreadProcessId.USER32(?,?), ref: 009EB355
                                                                  • Part of subcall function 009EB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,009E2194,00000034,?,?,00001004,00000000,00000000), ref: 009EB365
                                                                  • Part of subcall function 009EB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,009E2194,00000034,?,?,00001004,00000000,00000000), ref: 009EB37B
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009E27CD
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009E281A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                • String ID: @
                                                                • API String ID: 4150878124-2766056989
                                                                • Opcode ID: 7a5843552f07ecd143978eccf2f16a7f95499c8de98ed5b3298788436dd965a8
                                                                • Instruction ID: 621050fc487ffc1219fbdc048f268d4a9701c49ce83952002dda882d1960c25f
                                                                • Opcode Fuzzy Hash: 7a5843552f07ecd143978eccf2f16a7f95499c8de98ed5b3298788436dd965a8
                                                                • Instruction Fuzzy Hash: 0E415C72900218AFDB11DFA4CD42BEEBBB8EF49300F009095FA55B7181DB716E45CBA1
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 009B1769
                                                                • _free.LIBCMT ref: 009B1834
                                                                • _free.LIBCMT ref: 009B183E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$FileModuleName
                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                • API String ID: 2506810119-4010620828
                                                                • Opcode ID: 5c159161fc71f2c78cbe4fba81e134ad78b39c49f59e5ab509776909f66772f1
                                                                • Instruction ID: c98975794f892a5b6802da17fff34e1c57c9f34e353bff8ffd61ff3e7bf375e0
                                                                • Opcode Fuzzy Hash: 5c159161fc71f2c78cbe4fba81e134ad78b39c49f59e5ab509776909f66772f1
                                                                • Instruction Fuzzy Hash: E2316E71A40218ABDB21DF999A95EEEBBFCFB85320F54416AF804D7211DA708E41CB90
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 009EC306
                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 009EC34C
                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00A51990,016C5F68), ref: 009EC395
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$Delete$InfoItem
                                                                • String ID: 0
                                                                • API String ID: 135850232-4108050209
                                                                • Opcode ID: 6c3d91b634f0a351a00f953daa17a741c7554c7d83432b17b14fff5243e33c45
                                                                • Instruction ID: 6c91825b7aa7f27b8fc4d35962188b349899f541c4af2a6006b3ce917dbc763b
                                                                • Opcode Fuzzy Hash: 6c3d91b634f0a351a00f953daa17a741c7554c7d83432b17b14fff5243e33c45
                                                                • Instruction Fuzzy Hash: 7E41B2B12043819FD721DF26D844F5ABBE8AF85321F048A1DF9A5972D1D730ED06CB62
                                                                APIs
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00A1CC08,00000000,?,?,?,?), ref: 00A144AA
                                                                • GetWindowLongW.USER32 ref: 00A144C7
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A144D7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID: SysTreeView32
                                                                • API String ID: 847901565-1698111956
                                                                • Opcode ID: e9c9e12a6fb5a0e8555ac02fd345a613e21cd3e2f8a25d34618acb978dcc1abc
                                                                • Instruction ID: 156ac405e5d1b2d24b4dae4118be53eec8ea3b0b0da3f9e04b3b2fcf41ccb9ff
                                                                • Opcode Fuzzy Hash: e9c9e12a6fb5a0e8555ac02fd345a613e21cd3e2f8a25d34618acb978dcc1abc
                                                                • Instruction Fuzzy Hash: 5331AB32200205AFEF209F78DC45BEA7BAAEB48334F208725F975921E0D770EC919B50
                                                                APIs
                                                                  • Part of subcall function 00A0335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00A03077,?,?), ref: 00A03378
                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A0307A
                                                                • _wcslen.LIBCMT ref: 00A0309B
                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00A03106
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                • String ID: 255.255.255.255
                                                                • API String ID: 946324512-2422070025
                                                                • Opcode ID: 6f2befddb1463483c5e4277b047c849d7dbbf49b15885c5a14a7bb372b04176d
                                                                • Instruction ID: 4bb475fb338b6f4267e414292a96bcc4a2fe9a75258f1b88cc2cd4034aa50604
                                                                • Opcode Fuzzy Hash: 6f2befddb1463483c5e4277b047c849d7dbbf49b15885c5a14a7bb372b04176d
                                                                • Instruction Fuzzy Hash: 4B31D33A6002099FCF10CF68E585EAA77F8EF54318F248159E9158B3D2DB72EE45C761
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00A13F40
                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00A13F54
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A13F78
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Window
                                                                • String ID: SysMonthCal32
                                                                • API String ID: 2326795674-1439706946
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00A14705
                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00A14713
                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00A1471A
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$DestroyWindow
                                                                • String ID: msctls_updown32
                                                                • API String ID: 4014797782-2298589950
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                • API String ID: 176396367-2734436370
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00A13840
                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00A13850
                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00A13876
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$MoveWindow
                                                                • String ID: Listbox
                                                                • API String ID: 3315199576-2633736733
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 009F4A08
                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 009F4A5C
                                                                • SetErrorMode.KERNEL32(00000000,?,?,00A1CC08), ref: 009F4AD0
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorMode$InformationVolume
                                                                • String ID: %lu
                                                                • API String ID: 2507767853-685833217
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00A1424F
                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00A14264
                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00A14271
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: msctls_trackbar32
                                                                • API String ID: 3850602802-1010561917
                                                                APIs
                                                                  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                  • Part of subcall function 009E2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 009E2DC5
                                                                  • Part of subcall function 009E2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E2DD6
                                                                  • Part of subcall function 009E2DA7: GetCurrentThreadId.KERNEL32 ref: 009E2DDD
                                                                  • Part of subcall function 009E2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 009E2DE4
                                                                • GetFocus.USER32 ref: 009E2F78
                                                                  • Part of subcall function 009E2DEE: GetParent.USER32(00000000), ref: 009E2DF9
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 009E2FC3
                                                                • EnumChildWindows.USER32(?,009E303B), ref: 009E2FEB
                                                                Strings
                                                                Similarity
                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                • String ID: %s%d
                                                                • API String ID: 1272988791-1110647743
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A158C1
                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A158EE
                                                                • DrawMenuBar.USER32(?), ref: 00A158FD
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$InfoItem$Draw
                                                                • String ID: 0
                                                                • API String ID: 3227129158-4108050209
                                                                APIs
                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 009DD3BF
                                                                • FreeLibrary.KERNEL32 ref: 009DD3E5
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                • API String ID: 3013587201-2590602151
                                                                APIs
                                                                Similarity
                                                                • API ID: __alldvrm$_strrchr
                                                                • String ID:
                                                                • API String ID: 1036877536-0
                                                                APIs
                                                                Similarity
                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                • String ID:
                                                                • API String ID: 1998397398-0
                                                                APIs
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00A1FC08,?), ref: 009E05F0
                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00A1FC08,?), ref: 009E0608
                                                                • CLSIDFromProgID.OLE32(?,?,00000000,00A1CC40,000000FF,?,00000000,00000800,00000000,?,00A1FC08,?), ref: 009E062D
                                                                • _memcmp.LIBVCRUNTIME ref: 009E064E
                                                                Similarity
                                                                • API ID: FromProg$FreeTask_memcmp
                                                                • String ID:
                                                                • API String ID: 314563124-0
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00A0A6AC
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00A0A6BA
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00A0A79C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00A0A7AB
                                                                  • Part of subcall function 0099CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,009C3303,?), ref: 0099CE8A
                                                                Similarity
                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                • String ID:
                                                                • API String ID: 1991900642-0
                                                                APIs
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00A162E2
                                                                • ScreenToClient.USER32(?,?), ref: 00A16315
                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00A16382
                                                                Similarity
                                                                • API ID: Window$ClientMoveRectScreen
                                                                • String ID:
                                                                • API String ID: 3880355969-0
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00A01AFD
                                                                • WSAGetLastError.WSOCK32 ref: 00A01B0B
                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00A01B8A
                                                                • WSAGetLastError.WSOCK32 ref: 00A01B94
                                                                Similarity
                                                                • API ID: ErrorLast$socket
                                                                • String ID:
                                                                • API String ID: 1881357543-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 009F5783
                                                                • GetLastError.KERNEL32(?,00000000), ref: 009F57A9
                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009F57CE
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009F57FA
                                                                Similarity
                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                • String ID:
                                                                • API String ID: 3321077145-0
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,009A6D71,00000000,00000000,009A82D9,?,009A82D9,?,00000001,009A6D71,8BE85006,00000001,009A82D9,009A82D9), ref: 009BD910
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 009BD999
                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 009BD9AB
                                                                • __freea.LIBCMT ref: 009BD9B4
                                                                  • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                • String ID:
                                                                • API String ID: 2652629310-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00A15352
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A15375
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A15382
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A153A8
                                                                Similarity
                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                • String ID:
                                                                • API String ID: 3340791633-0
                                                                APIs
                                                                • GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 009EABF1
                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 009EAC0D
                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 009EAC74
                                                                • SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 009EACC6
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                APIs
                                                                • ClientToScreen.USER32(?,?), ref: 00A1769A
                                                                • GetWindowRect.USER32(?,?), ref: 00A17710
                                                                • PtInRect.USER32(?,?,00A18B89), ref: 00A17720
                                                                • MessageBeep.USER32(00000000), ref: 00A1778C
                                                                Similarity
                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                • String ID:
                                                                • API String ID: 1352109105-0
                                                                APIs
                                                                • GetForegroundWindow.USER32 ref: 00A116EB
                                                                  • Part of subcall function 009E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E3A57
                                                                  • Part of subcall function 009E3A3D: GetCurrentThreadId.KERNEL32 ref: 009E3A5E
                                                                  • Part of subcall function 009E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009E25B3), ref: 009E3A65
                                                                • GetCaretPos.USER32(?), ref: 00A116FF
                                                                • ClientToScreen.USER32(00000000,?), ref: 00A1174C
                                                                • GetForegroundWindow.USER32 ref: 00A11752
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                • String ID:
                                                                • API String ID: 2759813231-0
                                                                • Opcode ID: 701271d0bf65717374d92ecb99c2ca433bbad2f1bfdc6ae562711609a7cb05ce
                                                                • Instruction ID: 56a27844342be0f294674723073164dccae35a6460ec15f6d60a2e839de0f26d
                                                                • Opcode Fuzzy Hash: 701271d0bf65717374d92ecb99c2ca433bbad2f1bfdc6ae562711609a7cb05ce
                                                                • Instruction Fuzzy Hash: 99313E71D00149AFDB00EFA9C885DEEBBF9EF88304B5080AAE515E7352D631DE45CBA1
                                                                APIs
                                                                  • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                • _wcslen.LIBCMT ref: 009EDFCB
                                                                • _wcslen.LIBCMT ref: 009EDFE2
                                                                • _wcslen.LIBCMT ref: 009EE00D
                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 009EE018
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                • String ID:
                                                                • API String ID: 3763101759-0
                                                                • Opcode ID: 89b156c76cac28845f1b096ffbef9afb23120bbb71c03986c54aa25eec4585eb
                                                                • Instruction ID: d31144417322ab899741756b7be0ecf70365810a0709aaf1d3fabfc803f71748
                                                                • Opcode Fuzzy Hash: 89b156c76cac28845f1b096ffbef9afb23120bbb71c03986c54aa25eec4585eb
                                                                • Instruction Fuzzy Hash: C6217171901214AFCB11EFA9D981BAEB7F8EF86750F144065E805BB245D7709E418BA1
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • GetCursorPos.USER32(?), ref: 00A19001
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,009D7711,?,?,?,?,?), ref: 00A19016
                                                                • GetCursorPos.USER32(?), ref: 00A1905E
                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,009D7711,?,?,?), ref: 00A19094
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                • String ID:
                                                                • API String ID: 2864067406-0
                                                                • Opcode ID: 8cd5f7ea6bd16e263b7901033580346604bf38e4e7cb96c35120ca931b29ee98
                                                                • Instruction ID: 47df6954838f89f23c6b295b717f04fc7a202d7093df092a66edbcb27518be9e
                                                                • Opcode Fuzzy Hash: 8cd5f7ea6bd16e263b7901033580346604bf38e4e7cb96c35120ca931b29ee98
                                                                • Instruction Fuzzy Hash: 67217C35600128EFCB25CF98C868FFB7BBAEB89361F044069F90547261C3359D91DB61
                                                                APIs
                                                                • GetFileAttributesW.KERNEL32(?,00A1CB68), ref: 009ED2FB
                                                                • GetLastError.KERNEL32 ref: 009ED30A
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 009ED319
                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00A1CB68), ref: 009ED376
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                • String ID:
                                                                • API String ID: 2267087916-0
                                                                • Opcode ID: 450494d2772b84023eaf6d98c6027f042b35508169304e0725d94acef41cf869
                                                                • Instruction ID: 5ff8bcc32dc4bf1c10b3387dcf50f28f7558307db83f4c1ab751133e1946e322
                                                                • Opcode Fuzzy Hash: 450494d2772b84023eaf6d98c6027f042b35508169304e0725d94acef41cf869
                                                                • Instruction Fuzzy Hash: 8D21B17450A2019FC300EF25C8818AEB7E8AF9A368F105A1DF499C72E1E730DD46CB93
                                                                APIs
                                                                  • Part of subcall function 009E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 009E102A
                                                                  • Part of subcall function 009E1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 009E1036
                                                                  • Part of subcall function 009E1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1045
                                                                  • Part of subcall function 009E1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 009E104C
                                                                  • Part of subcall function 009E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1062
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 009E15BE
                                                                • _memcmp.LIBVCRUNTIME ref: 009E15E1
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E1617
                                                                • HeapFree.KERNEL32(00000000), ref: 009E161E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                • String ID:
                                                                • API String ID: 1592001646-0
                                                                • Opcode ID: 849e8511ea97bf1fa43b9259eed6bb064c82e2f9f17adc2464a949754ff63c75
                                                                • Instruction ID: e37cacba53d03b9c2bac789893ef5ec1365bfd653d11994383d91cd3b203f485
                                                                • Opcode Fuzzy Hash: 849e8511ea97bf1fa43b9259eed6bb064c82e2f9f17adc2464a949754ff63c75
                                                                • Instruction Fuzzy Hash: 9E21AC31E40209EFDF05DFA6C945BEEB7B8EF84354F088459E445AB241EB30AE05CBA0
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00A1280A
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A12824
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A12832
                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00A12840
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Long$AttributesLayered
                                                                • String ID:
                                                                • API String ID: 2169480361-0
                                                                • Opcode ID: 473e7940905b01acc26a9224f963632761fce74538b22835c6a654286d700c2b
                                                                • Instruction ID: a9a56803b3d78c4a33d9a96f3a1725dfbaed56a6d211085a67a556483035e3b9
                                                                • Opcode Fuzzy Hash: 473e7940905b01acc26a9224f963632761fce74538b22835c6a654286d700c2b
                                                                • Instruction Fuzzy Hash: 5F21B035244511AFE714DB24C845FEA7BAAAF85324F148158F4268B6E2CB71FC92CBD0
                                                                APIs
                                                                  • Part of subcall function 009E8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,009E790A,?,000000FF,?,009E8754,00000000,?,0000001C,?,?), ref: 009E8D8C
                                                                  • Part of subcall function 009E8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 009E8DB2
                                                                  • Part of subcall function 009E8D7D: lstrcmpiW.KERNEL32(00000000,?,009E790A,?,000000FF,?,009E8754,00000000,?,0000001C,?,?), ref: 009E8DE3
                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,009E8754,00000000,?,0000001C,?,?,00000000), ref: 009E7923
                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 009E7949
                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,009E8754,00000000,?,0000001C,?,?,00000000), ref: 009E7984
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                • String ID: cdecl
                                                                • API String ID: 4031866154-3896280584
                                                                • Opcode ID: 071fe850e003493541d7d549ee8d2c8194ca04ef28269eede6fbaed8602d8604
                                                                • Instruction ID: cfd39c45fe6bdc7000232f299f2376ad23ff27c306c7aa5095dac41c0207cf56
                                                                • Opcode Fuzzy Hash: 071fe850e003493541d7d549ee8d2c8194ca04ef28269eede6fbaed8602d8604
                                                                • Instruction Fuzzy Hash: 2011E93A200381ABCB169FB9DC45E7BB7A9FF85350B50802AF946C72A5EB319C11C752
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00A17D0B
                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00A17D2A
                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00A17D42
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,009FB7AD,00000000), ref: 00A17D6B
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID:
                                                                • API String ID: 847901565-0
                                                                • Opcode ID: a265ecbf19d75d170229ce29caa016894ae49910957629b86edfa28a65b73aee
                                                                • Instruction ID: 9806152d2e6c5495448c874b449d512e3679152ce8171c90d0a3183b966752a1
                                                                • Opcode Fuzzy Hash: a265ecbf19d75d170229ce29caa016894ae49910957629b86edfa28a65b73aee
                                                                • Instruction Fuzzy Hash: 18118C31645619AFCB109F68DC04ABA3BB5BF45375B159724F839C72E0D7309991CB90
                                                                APIs
                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 00A156BB
                                                                • _wcslen.LIBCMT ref: 00A156CD
                                                                • _wcslen.LIBCMT ref: 00A156D8
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A15816
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend_wcslen
                                                                • String ID:
                                                                • API String ID: 455545452-0
                                                                • Opcode ID: 5ecaaf5ee138d23bcaaef3967b3d2861a7a00e7d6c9e8f37944fee612e49ffbd
                                                                • Instruction ID: 5f8ca1f545829b3da26dd4dbcafe609526cbe4beb5fa2f933199f1d35aa057ac
                                                                • Opcode Fuzzy Hash: 5ecaaf5ee138d23bcaaef3967b3d2861a7a00e7d6c9e8f37944fee612e49ffbd
                                                                • Instruction Fuzzy Hash: CF11B471E00604DADF20DFB5CC85AEE777CAF95764B108026F915D6081E77489C4CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 775968df65c5cc5b038ec408aac648ddf38c2188eda5e7f41a6c5f1c98520a1e
                                                                • Instruction ID: 3838314a6ae8aadb1db9e5d47f2256a6db90615c5fcb3b80f445f6e5106e9778
                                                                • Opcode Fuzzy Hash: 775968df65c5cc5b038ec408aac648ddf38c2188eda5e7f41a6c5f1c98520a1e
                                                                • Instruction Fuzzy Hash: B801ADB220A61A7FF6212AB86DD0FE7671CEFC17B8F740725F521A11D2DB608C005160
                                                                APIs
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 009E1A47
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 009E1A59
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 009E1A6F
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 009E1A8A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 009EE1FD
                                                                • MessageBoxW.USER32(?,?,?,?), ref: 009EE230
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 009EE246
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 009EE24D
                                                                Similarity
                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                • String ID:
                                                                • API String ID: 2880819207-0
                                                                APIs
                                                                • CreateThread.KERNEL32(00000000,?,009ACFF9,00000000,00000004,00000000), ref: 009AD218
                                                                • GetLastError.KERNEL32 ref: 009AD224
                                                                • __dosmaperr.LIBCMT ref: 009AD22B
                                                                • ResumeThread.KERNEL32(00000000), ref: 009AD249
                                                                Similarity
                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                • String ID:
                                                                • API String ID: 173952441-0
                                                                APIs
                                                                  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                • GetClientRect.USER32(?,?), ref: 00A19F31
                                                                • GetCursorPos.USER32(?), ref: 00A19F3B
                                                                • ScreenToClient.USER32(?,?), ref: 00A19F46
                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00A19F7A
                                                                Similarity
                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                • String ID:
                                                                • API String ID: 4127811313-0
                                                                APIs
                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0098604C
                                                                • GetStockObject.GDI32(00000011), ref: 00986060
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 0098606A
                                                                Similarity
                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                • String ID:
                                                                • API String ID: 3970641297-0
                                                                APIs
                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 009A3B56
                                                                  • Part of subcall function 009A3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 009A3AD2
                                                                  • Part of subcall function 009A3AA3: ___AdjustPointer.LIBCMT ref: 009A3AED
                                                                • _UnwindNestedFrames.LIBCMT ref: 009A3B6B
                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 009A3B7C
                                                                • CallCatchBlock.LIBVCRUNTIME ref: 009A3BA4
                                                                Similarity
                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                • String ID:
                                                                • API String ID: 737400349-0
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,009813C6,00000000,00000000,?,009B301A,009813C6,00000000,00000000,00000000,?,009B328B,00000006,FlsSetValue), ref: 009B30A5
                                                                • GetLastError.KERNEL32(?,009B301A,009813C6,00000000,00000000,00000000,?,009B328B,00000006,FlsSetValue,00A22290,FlsSetValue,00000000,00000364,?,009B2E46), ref: 009B30B1
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,009B301A,009813C6,00000000,00000000,00000000,?,009B328B,00000006,FlsSetValue,00A22290,FlsSetValue,00000000), ref: 009B30BF
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID:
                                                                • API String ID: 3177248105-0
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 009E747F
                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 009E7497
                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 009E74AC
                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 009E74CA
                                                                Similarity
                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                • String ID:
                                                                • API String ID: 1352324309-0
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB0C4
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB0E9
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB0F3
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB126
                                                                Similarity
                                                                • API ID: CounterPerformanceQuerySleep
                                                                • String ID:
                                                                • API String ID: 2875609808-0
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 00A17E33
                                                                • ScreenToClient.USER32(?,?), ref: 00A17E4B
                                                                • ScreenToClient.USER32(?,?), ref: 00A17E6F
                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A17E8A
                                                                Similarity
                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                • String ID:
                                                                • API String ID: 357397906-0
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 009E2DC5
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 009E2DD6
                                                                • GetCurrentThreadId.KERNEL32 ref: 009E2DDD
                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 009E2DE4
                                                                Similarity
                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 2710830443-0
                                                                APIs
                                                                  • Part of subcall function 00999639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
                                                                  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996A2
                                                                  • Part of subcall function 00999639: BeginPath.GDI32(?), ref: 009996B9
                                                                  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996E2
                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00A18887
                                                                • LineTo.GDI32(?,?,?), ref: 00A18894
                                                                • EndPath.GDI32(?), ref: 00A188A4
                                                                • StrokePath.GDI32(?), ref: 00A188B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                • Associated: 00000000.00000002.1232233748.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232332693.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232401345.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1232418482.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                                                Similarity
                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                • String ID:
                                                                • API String ID: 1539411459-0
                                                                APIs
                                                                • GetSysColor.USER32(00000008), ref: 009998CC
                                                                • SetTextColor.GDI32(?,?), ref: 009998D6
                                                                • SetBkMode.GDI32(?,00000001), ref: 009998E9
                                                                • GetStockObject.GDI32(00000005), ref: 009998F1
                                                                Similarity
                                                                • API ID: Color$ModeObjectStockText
                                                                • String ID:
                                                                • API String ID: 4037423528-0
                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 009E1634
                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,009E11D9), ref: 009E163B
                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,009E11D9), ref: 009E1648
                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,009E11D9), ref: 009E164F
                                                                Similarity
                                                                • API ID: CurrentOpenProcessThreadToken
                                                                • String ID:
                                                                • API String ID: 3974789173-0
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 009DD858
                                                                • GetDC.USER32(00000000), ref: 009DD862
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 009DD882
                                                                • ReleaseDC.USER32(?), ref: 009DD8A3
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 009DD86C
                                                                • GetDC.USER32(00000000), ref: 009DD876
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 009DD882
                                                                • ReleaseDC.USER32(?), ref: 009DD8A3
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                APIs
                                                                  • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 009F4ED4
                                                                Strings
                                                                Similarity
                                                                • API ID: Connection_wcslen
                                                                • String ID: *$LPT
                                                                • API String ID: 1725874428-3443410124
                                                                APIs
                                                                • __startOneArgErrorHandling.LIBCMT ref: 009AE30D
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorHandling__start
                                                                • String ID: pow
                                                                • API String ID: 3213639722-2276729525
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1885708031
                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 0099F2A2
                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 0099F2BB
                                                                Strings
                                                                Similarity
                                                                • API ID: GlobalMemorySleepStatus
                                                                • String ID: @
                                                                • API String ID: 2783356886-2766056989
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00A057E0
                                                                • _wcslen.LIBCMT ref: 00A057EC
                                                                Strings
                                                                Similarity
                                                                • API ID: BuffCharUpper_wcslen
                                                                • String ID: CALLARGARRAY
                                                                • API String ID: 157775604-1150593374
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 009FD130
                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 009FD13A
                                                                Strings
                                                                Similarity
                                                                • API ID: CrackInternet_wcslen
                                                                • String ID: |
                                                                • API String ID: 596671847-2343686810
                                                                APIs
                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00A13621
                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00A1365C
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$DestroyMove
                                                                • String ID: static
                                                                • API String ID: 2139405536-2160076837
                                                                APIs
                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00A1461F
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A14634
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: '
                                                                • API String ID: 3850602802-1997036262
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A1327C
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A13287
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: Combobox
                                                                • API String ID: 3850602802-2096851135
                                                                APIs
                                                                  • Part of subcall function 0098600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0098604C
                                                                  • Part of subcall function 0098600E: GetStockObject.GDI32(00000011), ref: 00986060
                                                                  • Part of subcall function 0098600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0098606A
                                                                • GetWindowRect.USER32(00000000,?), ref: 00A1377A
                                                                • GetSysColor.USER32(00000012), ref: 00A13794
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                • String ID: static
                                                                • API String ID: 1983116058-2160076837
                                                                APIs
                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 009FCD7D
                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 009FCDA6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: Internet$OpenOption
                                                                • String ID: <local>
                                                                • API String ID: 942729171-4266983199
                                                                APIs
                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00A134AB
                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00A134BA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: LengthMessageSendTextWindow
                                                                • String ID: edit
                                                                • API String ID: 2978978980-2167791130
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                • CharUpperBuffW.USER32(?,?,?), ref: 009E6CB6
                                                                • _wcslen.LIBCMT ref: 009E6CC2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: STOP
                                                                • API String ID: 1256254125-2411985666
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 009E1D4C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 009E1C46
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 009E1CC8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 009E1DD3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: 3, 3, 16, 1
                                                                • API String ID: 176396367-3042988571
                                                                APIs
                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 009E0B23
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: AutoIt$Error allocating memory.
                                                                • API String ID: 2030045667-4017498283
                                                                • Opcode ID: c2385b8c8495a5c19d8dba7da23345131ef0c6be416d23ecc800550b3b6ce29e
                                                                • Instruction ID: 413addb2a7eb41789ccd7191bedac04940ff64777cc97fb06feae53a7b8a3071
                                                                • Opcode Fuzzy Hash: c2385b8c8495a5c19d8dba7da23345131ef0c6be416d23ecc800550b3b6ce29e
                                                                • Instruction Fuzzy Hash: ECE0483528431837D61436957C03FC9BA899F46F61F204426F798955C38BD268D046E9
                                                                APIs
                                                                  • Part of subcall function 0099F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,009A0D71,?,?,?,0098100A), ref: 0099F7CE
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,0098100A), ref: 009A0D75
                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0098100A), ref: 009A0D84
                                                                Strings
                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 009A0D7F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                • API String ID: 55579361-631824599
                                                                • Opcode ID: cfca32d5fcf74e3c23eec205faf79a4394f0ef263544e519ada15106ebedda12
                                                                • Instruction ID: 996ad6aa05a0780af460ff6faea6e99afe08ee884a56d076e3b5a1bc4bcaa9d0
                                                                • Opcode Fuzzy Hash: cfca32d5fcf74e3c23eec205faf79a4394f0ef263544e519ada15106ebedda12
                                                                • Instruction Fuzzy Hash: 77E06D742007418FD370EFB8D4083967BE4BB41750F00892DE486C6691DBB5E4898BD1
                                                                APIs
                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 009F302F
                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 009F3044
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: Temp$FileNamePath
                                                                • String ID: aut
                                                                • API String ID: 3285503233-3010740371
                                                                • Opcode ID: 93ed60f92d95c2a5b0d0c6e7980a351a1dbd11fb816d7ec1e911b1d04289380c
                                                                • Instruction ID: 9a1b68961e416a6b26187e4b75ffeb5dd950e09ec3240808dc00bb8c3de4cf53
                                                                • Opcode Fuzzy Hash: 93ed60f92d95c2a5b0d0c6e7980a351a1dbd11fb816d7ec1e911b1d04289380c
                                                                • Instruction Fuzzy Hash: 62D05EB654032877DA20E7E4AC0EFCB3A6CDB05760F0006A1B655E2091DAF09985CAD0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: LocalTime
                                                                • String ID: %.3d$X64
                                                                • API String ID: 481472006-1077770165
                                                                • Opcode ID: 4a36c87842faa10372e9a8e45bfb4089f14d5c383fe6eb3e6f6d138c514dc721
                                                                • Instruction ID: aa5e9a92214382bab3c297f72aaa409282226908dfb45ec5f8b943dca1c180c6
                                                                • Opcode Fuzzy Hash: 4a36c87842faa10372e9a8e45bfb4089f14d5c383fe6eb3e6f6d138c514dc721
                                                                • Instruction Fuzzy Hash: 6FD012A588A108FACF509AD0DC459F9B37CBB58341F50CC53FA16E2140D63CD509A761
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A1232C
                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00A1233F
                                                                  • Part of subcall function 009EE97B: Sleep.KERNEL32 ref: 009EE9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: ec4840a08b71d37bdc0d453fa15933740351100b2354408b3f9395a56d1b1c4a
                                                                • Instruction ID: 0f009ad5730e349dc4d0de18ffbf45ecc83de8fbde4da0d3e3f73832867fd680
                                                                • Opcode Fuzzy Hash: ec4840a08b71d37bdc0d453fa15933740351100b2354408b3f9395a56d1b1c4a
                                                                • Instruction Fuzzy Hash: 4CD022363C0300BBE264F3B0DC0FFC6BA05AB40B20F0089027305AA0D0C8F4A802CA04
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A1236C
                                                                • PostMessageW.USER32(00000000), ref: 00A12373
                                                                  • Part of subcall function 009EE97B: Sleep.KERNEL32 ref: 009EE9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: a2464e8656ab0cb8d2aff4a53203c5ecd4f30c575dfc267a93c71999e671ab1f
                                                                • Instruction ID: 396bf07dc02132c0bd956e1f0f84811879bb756fc25d4b72a9b06fdd58061543
                                                                • Opcode Fuzzy Hash: a2464e8656ab0cb8d2aff4a53203c5ecd4f30c575dfc267a93c71999e671ab1f
                                                                • Instruction Fuzzy Hash: 13D022323C03007BE264F3B0DC0FFC6B605AB40B20F0089027301EA0D0C8F4B802CA08
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 009BBE93
                                                                • GetLastError.KERNEL32 ref: 009BBEA1
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 009BBEFC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1232263335.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                • String ID:
                                                                • API String ID: 1717984340-0
                                                                • Opcode ID: 60633dedce710f7da0d3e7682e85ddef7226f356d7d58af127a6bd8a4b718992
                                                                • Instruction ID: c2a6e86a8bde627e5f41c6819e90b7fa9cacdf4f1e130173a08f2d5595f02957
                                                                • Opcode Fuzzy Hash: 60633dedce710f7da0d3e7682e85ddef7226f356d7d58af127a6bd8a4b718992
                                                                • Instruction Fuzzy Hash: 45410A34600206AFCF219FA4CE54BFABBA9EF42730F144169F9599B1E1DBB08D01CB90

                                                                Execution Graph

                                                                Execution Coverage:0.4%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:100%
                                                                Total number of Nodes:6
                                                                Total number of Limit Nodes:0
                                                                execution_graph
                                                                5011 1f5644a98f2
                                                                5012 1f5644a9949 NtQuerySystemInformation
                                                                5011->5012
                                                                5013 1f5644a7cc4
                                                                5011->5013
                                                                5012->5013
                                                                5008 1f56448b837
                                                                5009 1f56448b847 NtQuerySystemInformation
                                                                5008->5009
                                                                5010 1f56448b7e4
                                                                5009->5010

                                                                Callgraph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000017.00000002.2532904082.000001F5644A7000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001F5644A7000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_23_2_1f5644a7000_firefox.jbxd
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID: #$#$#$4$>$>$>$A$z$z
                                                                • API String ID: 3562636166-3072146587
                                                                • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                • Instruction ID: 65fe35f476fd6fd19936b3a7208d32cb684e69fa24c2221b082ce473f451c659
                                                                • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                • Instruction Fuzzy Hash: 22A3E331618E498BDB2DDF18CC862F977E6FB98311F44423ED94AC7259DE34E9428B81