Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1504822
MD5: f2347741815e534b4341f286ab1b3bbb
SHA1: 91a748fed388b7ece45f4baf2ca9ec74f5ea3b7b
SHA256: f4c22832e8dc3d9cd5c3021b85a07a741f40cee7c451c38ebc66a1763491b275
Tags: exe
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 5764 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F2347741815E534B4341F286AB1B3BBB)
    • msedge.exe (PID: 1928 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7232 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2020,i,5963254850939977183,9434905447902216501,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 5744 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 1780 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5840 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8744 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f64e06-dea7-44d2-8a91-9f96d74627a4} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21760b6f710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8980 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -parentBuildID 20230927232528 -prefsHandle 4100 -prefMapHandle 4140 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59078482-befa-4e67-8e41-69a7cdaffa12} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21772b51310 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7260 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7724 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8372 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6324 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8396 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6428 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 9004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7032 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 9024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7032 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 7304 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6660 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8196 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2052,i,4244866620272648045,11370639625438014760,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 7296 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1620 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2004,i,6266940162916777507,10081284063565068560,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe | ReversingLabs: Detection: 26%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.65.39.4:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2091109650.0000021771C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2091109650.0000021771C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_003ADBBE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003B68EE FindFirstFileW,FindClose,0_2_003B68EE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_003B698F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003AD076
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003AD3A9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003B9642
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003B979D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_003B9B2B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_003B5C97
Source: firefox.exe | Memory has grown: Private usage: 1MB later: 93MB
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.174
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003BCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_003BCE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UPW3fbrBfWyooUr&MD=ulGS49tt HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726141031&P2=404&P3=2&P4=JJiTaRIZzp9oYiJWGcgvBzXgMjOC5YHhMgd6ivASYyq2vYjATxBr8ZwUVhe5B%2fzSfob8HIGt%2be%2f14Dd329goQQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: M8JDbJH3976bD9txO1gTgPSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UPW3fbrBfWyooUr&MD=ulGS49tt HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1852631319.0000021770DFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2133389565.0000021770DFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1903929068.000002176D987000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2050896723.000002176D97B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1854768458.000002176D987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" 
data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000005.00000003.1903929068.000002176D987000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2050896723.000002176D97B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1854768458.000002176D987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" 
data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000005.00000003.1852631319.0000021770DFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2133389565.0000021770DFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1854588034.000002176E15E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: unknown
HTTP traffic detected:
POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
Source: Favicons.7.drString found in binary or memory: https://accounts.google.com/favicon.ico
Source: file.exe, 00000000.00000002.1673914167.000000000150F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.1676844420.0000027D56422000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1675861073.0000027D5641D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000D.00000002.2923942351.000001F24A81A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_Cv
Source: Favicons.7.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: firefox.exe, 00000005.00000003.1904921116.000002176C3B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000005.00000003.1854588034.000002176E15E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000005.00000003.2134385875.000002176C3B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000005.00000003.2134385875.000002176C3B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000005.00000003.2085574761.000002176E1C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2085706258.000002176E192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2133883914.000002176E1C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000005.00000003.2084780508.000002176ED38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2085706258.000002176E192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 00000005.00000003.2050921883.000002176CBF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2088028692.000002176CBF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://bard.google.com/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000005.00000003.2051356505.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134510583.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404824466.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904999223.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2925248698.000001F24AAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2925090890.0000021A9FCF8000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 00000005.00000003.2051356505.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134510583.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404824466.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904999223.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2925248698.000001F24AAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2925090890.0000021A9FCF8000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 00000005.00000003.1852164783.0000021771262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: Reporting and NEL.7.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.7.dr, 88b91bb2-3966-4c17-8791-5a066251584e.tmp.8.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.7.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.7.drString found in binary or memory: https://chromewebstore.google.com/
Source: 01156401-b5bc-46da-8386-c2cdfbac4abc.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.7.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 01156401-b5bc-46da-8386-c2cdfbac4abc.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000005.00000003.1747884690.000002176E32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748430979.000002176E357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748731934.000002176E381000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747615095.0000021770400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748225022.000002176E341000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747729346.000002176E317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748594334.000002176E36C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000005.00000003.2051356505.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134510583.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404824466.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904999223.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2925248698.000001F24AAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2925090890.0000021A9FCF8000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000005.00000003.2051356505.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134510583.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404824466.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904999223.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2925248698.000001F24AAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2925090890.0000021A9FCF8000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.7.drString found in binary or memory: https://docs.google.com/
Source: firefox.exe, 00000005.00000003.2372416480.000002176DB31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.microsoft.c
Source: manifest.json.7.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000005.00000003.1747884690.000002176E32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080802918.0000021770AB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2082981853.0000021770AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1853557507.0000021770AB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1902478363.0000021770AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748430979.000002176E357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748731934.000002176E381000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747615095.0000021770400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748225022.000002176E341000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747729346.000002176E317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748594334.000002176E36C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000005.00000003.2050033185.000002176EDDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2504998395.000002176E032000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1837832944.000002176E032000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1752711549.000002176E033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000005.00000003.2404589627.000002176EDCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1902832203.000002176EDCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2081076534.000002176EDCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000005.00000003.2404589627.000002176EDCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1902832203.000002176EDCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2081076534.000002176EDCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.7.dr, d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.7.dr, d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.7.dr, d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000005.00000003.1904921116.000002176C3B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000005.00000003.1748594334.000002176E36C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000005.00000003.2134385875.000002176C3B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000005.00000003.2050089916.000002176ED63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000005.00000003.1854588034.000002176E14B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000005.00000003.1854588034.000002176E14B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000005.00000003.1854588034.000002176E15E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000005.00000003.1904921116.000002176C3B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000005.00000003.2084780508.000002176ED38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1851065830.0000021772B3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000005.00000003.1904921116.000002176C3B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmp, d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://web.telegram.org/
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2051356505.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134510583.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404824466.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904999223.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2925248698.000001F24AAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2925090890.0000021A9FCF8000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000005.00000003.1854588034.000002176E14B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747884690.000002176E32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748430979.000002176E357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748731934.000002176E381000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747615095.0000021770400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748225022.000002176E341000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747729346.000002176E317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748594334.000002176E36C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000005.00000003.2080802918.0000021770AB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2091109650.0000021771C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000005.00000003.2051356505.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1903982042.000002176D96B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134510583.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2087575629.000002176D964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404824466.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1904999223.000002176C2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2925248698.000001F24AAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2925090890.0000021A9FCF8000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: 01156401-b5bc-46da-8386-c2cdfbac4abc.tmp.8.drString found in binary or memory: https://www.google.com
Source: content_new.js.7.dr, content.js.7.drString found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000005.00000003.1747884690.000002176E32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748430979.000002176E357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748731934.000002176E381000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747615095.0000021770400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748225022.000002176E341000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747729346.000002176E317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748594334.000002176E36C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: Web Data.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000005.00000003.1854588034.000002176E14B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747884690.000002176E32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748430979.000002176E357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748731934.000002176E381000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747615095.0000021770400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748225022.000002176E341000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747729346.000002176E317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1748594334.000002176E36C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: 01156401-b5bc-46da-8386-c2cdfbac4abc.tmp.8.drString found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: 01156401-b5bc-46da-8386-c2cdfbac4abc.tmp.8.drString found in binary or memory: https://www.gstatic.com
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://www.iheart.com/podcast/
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://www.instagram.com
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://www.last.fm/
Source: d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drString found in binary or memory: https://www.messenger.com
Source: firefox.exe, 00000005.00000003.1854768458.000002176D99F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000010.00000002.2925090890.0000021A9FCDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000005.00000003.1904218008.000002176D933000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000005.00000003.2135163581.000002176C25F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1905500856.000002176C25F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/.
Source: firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000D.00000002.2925248698.000001F24AAC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/I%
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_003BEAFF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003BED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_003BED6A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_003AAA57
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_003D9576

System Summary

Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1668100840.0000000000402000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_29f2d405-a
Source: file.exe, 00000000.00000000.1668100840.0000000000402000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_61cc85c3-d
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_0000021A9FAEA4F7 NtQuerySystemInformation,16_2_0000021A9FAEA4F7
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_0000021AA027AF32 NtQuerySystemInformation,16_2_0000021AA027AF32
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_003AD5EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_003A1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_003AE8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00360A30 appears 46 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 0035F9F2 appears 31 times
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal68.evad.winEXE@72/343@31/23
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B37B5 GetLastError,FormatMessageW,0_2_003B37B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A10BF AdjustTokenPrivileges,CloseHandle,0_2_003A10BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_003A16C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_003B51CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_003AD4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_003B648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_003442A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D997DF-788.pma
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Login Data.7.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exeReversingLabs: Detection: 26%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2020,i,5963254850939977183,9434905447902216501,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6324 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6428 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f64e06-dea7-44d2-8a91-9f96d74627a4} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21760b6f710 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7032 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -parentBuildID 20230927232528 -prefsHandle 4100 -prefMapHandle 4140 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59078482-befa-4e67-8e41-69a7cdaffa12} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21772b51310 rdd
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2052,i,4244866620272648045,11370639625438014760,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2004,i,6266940162916777507,10081284063565068560,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6660 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2020,i,5963254850939977183,9434905447902216501,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f64e06-dea7-44d2-8a91-9f96d74627a4} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21760b6f710 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -parentBuildID 20230927232528 -prefsHandle 4100 -prefMapHandle 4140 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59078482-befa-4e67-8e41-69a7cdaffa12} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21772b51310 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6324 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6428 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7032 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6660 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2052,i,4244866620272648045,11370639625438014760,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2004,i,6266940162916777507,10081284063565068560,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2091109650.0000021771C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2091109650.0000021771C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003442DE
Source: gmpopenh264.dll.tmp.5.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00360A76 push ecx; ret 0_2_00360A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0035F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003D1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_003D1C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-95838
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_0000021A9FAEA4F7 rdtsc 16_2_0000021A9FAEA4F7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_003ADBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B68EE FindFirstFileW,FindClose,0_2_003B68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_003B698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003AD076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_003AD3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003B9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003B979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_003B9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_003B5C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003442DE
Source: firefox.exe, 0000000D.00000002.2923942351.000001F24A81A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
Source: firefox.exe, 00000010.00000002.2923471493.0000021A9FA0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2927695917.0000021AA0170000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000005.00000003.1904806145.000002176C3C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134285449.000002176C3C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2051215897.000002176C3C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2404659647.000002176C3C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2927880163.000001F24AC18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000D.00000002.2923942351.000001F24A81A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
Source: firefox.exe, 0000000D.00000002.2928980333.000001F24B040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!
Source: firefox.exe, 0000000D.00000002.2928980333.000001F24B040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
Source: firefox.exe, 00000010.00000002.2927695917.0000021AA0170000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 0000000D.00000002.2923942351.000001F24A81A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@f
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_0000021A9FAEA4F7 rdtsc 16_2_0000021A9FAEA4F7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003BEAA2 BlockInput,0_2_003BEAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00372622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00372622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003442DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00364CE8 mov eax, dword ptr fs:[00000030h]0_2_00364CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_003A0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00372622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00372622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0036083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003609D5 SetUnhandledExceptionFilter,0_2_003609D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00360C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00360C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonlyJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_003A1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00382BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00382BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AB226 SendInput,keybd_event,0_2_003AB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_003C22DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_003A0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_003A1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00360698 cpuid 0_2_00360698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_003B8195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039D27A GetUserNameW,0_2_0039D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0037BB6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003442DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_003C1204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_003C1806
[ATT&CK matrix; columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
Behavior Graph ID: 1504822, Sample: file.exe, Startdate: 05/09/2024, Architecture: WINDOWS, Score: 68

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs
file.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.fontbureau.com/designers0%Avira URL Cloudsafe
https://monitor.firefox.com/user/breach-stats?includeResolved=true0%URL Reputationsafe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%Avira URL Cloudsafe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report0%URL Reputationsafe
https://www.msn.comh0%Avira URL Cloudsafe
http://www.mozilla.com00%Avira URL Cloudsafe
https://outlook.live.com/mail/0/0%URL Reputationsafe
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-0%URL Reputationsafe
https://safebrowsing.google.com/safebrowsing/diagnostic?site=0%URL Reputationsafe
https://www.youtube.com0%Avira URL Cloudsafe
https://monitor.firefox.com/user/dashboard0%URL Reputationsafe
https://docs.google.com/0%Avira URL Cloudsafe
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID0%URL Reputationsafe
https://www.instagram.com0%Avira URL Cloudsafe
https://www.tsn.ca0%URL Reputationsafe
https://tidal.com/0%URL Reputationsafe
https://monitor.firefox.com/about0%URL Reputationsafe
https://account.bellmedia.c0%URL Reputationsafe
https://www.openh264.org/0%URL Reputationsafe
https://gaana.com/0%URL Reputationsafe
https://coverage.mozilla.org0%URL Reputationsafe
https://csp.withgoogle.com/csp/report-to/AccountsSignInUi0%URL Reputationsafe
https://outlook.live.com/mail/compose?isExtension=true0%URL Reputationsafe
https://blocked.cdn.mozilla.net/0%URL Reputationsafe
http://www.fontbureau.com/designersb-no0%Avira URL Cloudsafe
https://www.amazon.com/exec/obidos/external-search/0%Avira URL Cloudsafe
https://www.msn.com0%Avira URL Cloudsafe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc940%Avira URL Cloudsafe
https://github.com/mozilla-services/screenshots0%Avira URL Cloudsafe
http://exslt.org/sets0%Avira URL Cloudsafe
https://outlook.office.com/mail/compose?isExtension=true0%Avira URL Cloudsafe
http://exslt.org/common0%Avira URL Cloudsafe
https://web.telegram.org/0%Avira URL Cloudsafe
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/0%Avira URL Cloudsafe
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta0%Avira URL Cloudsafe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
https://www.youtube.com/0%Avira URL Cloudsafe
https://amazon.com0%Avira URL Cloudsafe
http://127.0.0.1:0%Avira URL Cloudsafe
http://exslt.org/dates-and-timesO0%Avira URL Cloudsafe
https://chromewebstore.google.com/0%Avira URL Cloudsafe
https://chrome.google.com/webstore/0%Avira URL Cloudsafe
https://www.google.com/favicon.ico0%Avira URL Cloudsafe
https://play.google.com0%Avira URL Cloudsafe
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r0%Avira URL Cloudsafe
https://bard.google.com/0%Avira URL Cloudsafe
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx0%Avira URL Cloudsafe
https://www.office.com0%Avira URL Cloudsafe
http://www.inbox.lv/rfc2368/?value=%su0%Avira URL Cloudsafe
http://mozilla.org/MPL/2.0/.0%Avira URL Cloudsafe
http://crl.thawte.com/ThawteTimestampingCA.crl00%Avira URL Cloudsafe
https://login.microsoftonline.com0%Avira URL Cloudsafe
http://x1.c.lencr.org/00%Avira URL Cloudsafe
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true0%Avira URL Cloudsafe
http://x1.i.lencr.org/00%Avira URL Cloudsafe
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://bard.google.com/d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.office.comd0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/0/d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000005.00000003.2050089916.000002176ED63000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://play.google.com01156401-b5bc-46da-8386-c2cdfbac4abc.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000005.00000003.2404589627.000002176EDCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1902832203.000002176EDCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2081076534.000002176EDCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.tsn.cafirefox.exe, 00000005.00000003.1896874256.000025C568780000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://tidal.com/d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://monitor.firefox.com/aboutfirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://mozilla.org/MPL/2.0/.firefox.exe, 00000005.00000003.2417253647.000002177049B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1834833400.00000217704D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1754645965.00000217704B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1836874832.000002176E2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1754875493.000002177090A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874005189.0000021A0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1757918419.000002177049B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1761108652.000002177048A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2403915210.0000021772BC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1849525524.0000021773333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2078951174.0000021772B3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1900217723.0000021772B3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1754806618.00000217704B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2503661460.000002177048F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1854211588.0000021770899000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1851065830.0000021772B3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2049516756.0000021772BC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1761108652.000002177049B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1902554473.0000021770AA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.1798104163.0000021772BC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2080802918.0000021770A8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://account.bellmedia.cfirefox.exe, 00000005.00000003.1847706248.0000021773D5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.openh264.org/firefox.exe, 00000005.00000003.1852631319.0000021770D9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2133389565.0000021770D9A000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://gaana.com/d0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://login.microsoftonline.comfirefox.exe, 00000005.00000003.1849316252.000002177334B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1847706248.0000021773D5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://coverage.mozilla.orgfirefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000005.00000003.2091109650.0000021771C00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://x1.c.lencr.org/0firefox.exe, 00000005.00000003.1853716724.0000021770A74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2083401198.0000021770A74000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://x1.i.lencr.org/0firefox.exe, 00000005.00000003.1853716724.0000021770A74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2083401198.0000021770A74000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/compose?isExtension=trued0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://blocked.cdn.mozilla.net/firefox.exe, 0000000D.00000002.2927642626.000001F24AB00000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2924054397.0000021A9FA50000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=trued0011655-cc16-4092-aebe-a1a88ee175b2.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1504822
Start date and time: 2024-09-05 13:36:12 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal68.evad.winEXE@72/343@31/23
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 34
• Number of non-executed functions: 316
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 74.125.206.84, 204.79.197.239, 13.107.21.239, 142.250.184.238, 13.107.6.158, 2.19.126.145, 2.19.126.152, 2.23.209.157, 2.23.209.162, 2.23.209.166, 2.23.209.169, 2.23.209.158, 2.23.209.168, 2.23.209.163, 2.23.209.160, 2.23.209.167, 142.250.185.163, 216.58.212.131, 20.96.153.111, 88.221.110.91, 192.229.221.95, 142.250.186.78, 2.22.61.57, 2.22.61.59, 142.250.185.142, 142.250.65.163, 142.251.40.99, 142.251.40.163
                                  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, edgeassetservice.afd.azureedge.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, arc.msn.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, iris-de-prod-azsc-v2-eus2.eastus2.cloudapp.azure.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.mozaws.net, ww
• Not all processes were analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtCreateFile calls found.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: file.exe
Time      Type       Description
12:37:14  Autostart  Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
12:37:23  Autostart  Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                  arm.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 157.55.87.198
                                  arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 148.7.141.227
                                  m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 20.155.11.175
                                  sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 52.188.224.78
                                  x86.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 20.180.14.213
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | file.exe (10 matching samples) | Detection: malicious | Threat Name: Unknown
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe (10 matching samples) | Detection: malicious | Threat Name: Unknown
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6439
                                                                          Entropy (8bit):5.142137768244635
                                                                          Encrypted:false
                                                                          SSDEEP:192:DjMi4a1cbhbVbTbfbRbObtbyEzn/nSrDtTJdB:DY4cNhnzFSJ5nSrDhJdB
                                                                          MD5:0C9A494B71021A7954FF2888D11F3F27
                                                                          SHA1:9DAB6E0CBF515BAFD0DBFF088739CFE424E04D4D
                                                                          SHA-256:BA2B03036E6824A08404CD1E738981BD2A4F6F3488692F0B1FD9C76ECF72182C
                                                                          SHA-512:B8AE2DBAF30D7B3AA5F6B892A6659CF268D7F01492ABF5129D455581F23F34AA3F771913F244AC70645B59FD3E7C75EABC4F41DC9224BAD31C356E77B1501A32
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):23967
                                                                          Entropy (8bit):6.04945662388779
                                                                          Encrypted:false
                                                                          SSDEEP:384:VtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh8LWS8nz6zNmYQSDTx5JkjrKyqOy:/MGQ7FCYXGIgtDAWtJ4n1KcnANmYQS31
                                                                          MD5:86F4D37CC79C2776F1F89B3DDDCB6E5E
                                                                          SHA1:058903C404498E8C25ECCE167157124F21627C2D
                                                                          SHA-256:1DC3103E4FA4A1FD388077F5BD8D462EFB63330159549DCF9A0DD8BC49FC0402
                                                                          SHA-512:94626AA918863041FC12A55E64D30A6D85D43FDAF4D1BBB49EB09360B4ABE58A16BB740E783F6CF799D2FDFF44BDCD8925513FCD3DBFAC84215F2F49252C7076
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):23967
                                                                          Entropy (8bit):6.04945662388779
                                                                          Encrypted:false
                                                                          SSDEEP:384:VtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh8LWS8nz6zNmYQSDTx5JkjrKyqOy:/MGQ7FCYXGIgtDAWtJ4n1KcnANmYQS31
                                                                          MD5:86F4D37CC79C2776F1F89B3DDDCB6E5E
                                                                          SHA1:058903C404498E8C25ECCE167157124F21627C2D
                                                                          SHA-256:1DC3103E4FA4A1FD388077F5BD8D462EFB63330159549DCF9A0DD8BC49FC0402
                                                                          SHA-512:94626AA918863041FC12A55E64D30A6D85D43FDAF4D1BBB49EB09360B4ABE58A16BB740E783F6CF799D2FDFF44BDCD8925513FCD3DBFAC84215F2F49252C7076
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):23967
                                                                          Entropy (8bit):6.0494436818393735
                                                                          Encrypted:false
                                                                          SSDEEP:384:VtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh8LWS8nz6xsmYQSDTx5JkjrKyqOy:/MGQ7FCYXGIgtDAWtJ4n1KcnmsmYQS31
                                                                          MD5:5F74E18201299F348DD649C3C63B2E70
                                                                          SHA1:5F438B493C33A223F8B3724CBB4AD464AB8F45C3
                                                                          SHA-256:A69E51ABAF456A7494F0101F58F5C521BAAD235E3326752DDC47742314FD9EE2
                                                                          SHA-512:6EDFD2BC28067E14DA9009DA0E1D7F61A0D1F1723A69517EFEB427A8E498EDF5E2D00D54A7A33D3B9ED66F6CC5A064825AF02127A08FAE49C74452C39BF72C24
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8239
                                                                          Entropy (8bit):5.793307766143944
                                                                          Encrypted:false
                                                                          SSDEEP:192:fsNA7dWZeiRUFnjEkmJ6qRAq1k8SPxVLZ7VTiQ:fsNAxW52jfmJ6q3QxVNZTiQ
                                                                          MD5:538940F26A94A80AA23E4ED4CC54750F
                                                                          SHA1:24E7EEADCD8C956967C4B9C1949C423896B19EB1
                                                                          SHA-256:DB98F97EDCF20EBE52432139979ADF1F293F02F81E25A9848F4935D99F116C96
                                                                          SHA-512:D5ACD7D56324897538996F67CE20EE93B9372D2195CC5BDFE00088F13A2857CBC7615217D0E071FD536B6A4017A12426D68C6401CBE73902411A984D9A528589
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):22925
                                                                          Entropy (8bit):6.046406271248236
                                                                          Encrypted:false
                                                                          SSDEEP:384:VtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh8LWS88fmESDTx5JkjrKyqOH:/MGQ7FCYXGIgtDAWtJ4n1Kc8fmES3xXY
                                                                          MD5:DD88B48621FB6D4C854E2D54F92A9E27
                                                                          SHA1:F375934510E2B80957FC0283699F621C5D0C4124
                                                                          SHA-256:BF927482480CDEFD9CC432EBFC9F1F59F6C7AB6DAC7156FBAD04B005B9B02C12
                                                                          SHA-512:FC3F97CC71F8E80A511B6DCE35E25761F63D770FBCBC5BEF09B6B3C2AED1D8F7DFEC5EB20C04D685B59CC91D6C59180CA87541DB00AA10C556FFB54C5BED65D2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):8090
                                                                          Entropy (8bit):5.810572475017076
                                                                          Encrypted:false
                                                                          SSDEEP:192:asNA7dWZeiRU9SQ5kmp6qRAq1k8SPxVLZ7VTiq:asNAxW5sLKmp6q3QxVNZTiq
                                                                          MD5:1430102A8C526F8EEF62EB3343FB9707
                                                                          SHA1:7A0C6EA35FFE1729D0B71B14B0946C79802B3EF5
                                                                          SHA-256:7A335EE60AC715E83EB22FD01BA6B64B7E353B9C23679483A0EDF40F6348B869
                                                                          SHA-512:F3C35910D7988C3037F9D0DD2F97884A43E16618BF63ABB5213A0A4256F80D966A7CD33898EDAFC3C864184D2140C644D115C96F2989C27EF3CB9EE4C87DCBE8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):22852
                                                                          Entropy (8bit):6.04579335845716
                                                                          Encrypted:false
                                                                          SSDEEP:384:VtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh8LWS80/mESDTx5JkjrKyqOy:/MGQ7FCYXGIgtDAWtJ4n1Kc0/mES3xXL
                                                                          MD5:89F6426446CBC22B7B4F5A1ACC9AA3E4
                                                                          SHA1:6EFCDF3712C32B3451F9C8A50995C9FC1C005D55
                                                                          SHA-256:DE5154EBE8EB7BBCDC57E4E7003642699DD33ABD83CC8F0AC50AF8ED2C16A312
                                                                          SHA-512:B900C7A9E7D37B5904C4D9CF79C2D5D0F3F49E650AA4074671DC9FEE620096FF11F7AAC278F9B04453657A669E7C8EE5D51DBB79915155322F276CDE0BA46D57
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):23967
                                                                          Entropy (8bit):6.0494436818393735
                                                                          Encrypted:false
                                                                          SSDEEP:384:VtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh8LWS8nz6xsmYQSDTx5JkjrKyqOy:/MGQ7FCYXGIgtDAWtJ4n1KcnmsmYQS31
                                                                          MD5:5F74E18201299F348DD649C3C63B2E70
                                                                          SHA1:5F438B493C33A223F8B3724CBB4AD464AB8F45C3
                                                                          SHA-256:A69E51ABAF456A7494F0101F58F5C521BAAD235E3326752DDC47742314FD9EE2
                                                                          SHA-512:6EDFD2BC28067E14DA9009DA0E1D7F61A0D1F1723A69517EFEB427A8E498EDF5E2D00D54A7A33D3B9ED66F6CC5A064825AF02127A08FAE49C74452C39BF72C24
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370009826058575","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):107893
                                                                          Entropy (8bit):4.640136267101608
                                                                          Encrypted:false
                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Q:fwUQC5VwBIiElEd2K57P7Q
                                                                          MD5:46EC1899F11FE2F524F4A0ED857B2BF7
                                                                          SHA1:830620AD3E3FAC7FE25BD86C291A17AFA245B2CA
                                                                          SHA-256:07965BB5BA96950A38D1B7E50D9564F84D383F21D6FB17B6A411925728AF5146
                                                                          SHA-512:5496B3873B3C5FA3560593D4E3E9F43F6BFA288C5FC3B879D14269A51938D5DDAD950326D86D8DB606A34F7B235E615237136DB19539A1740CAD9B527BEBAEB2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):107893
                                                                          Entropy (8bit):4.640136267101608
                                                                          Encrypted:false
                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Q:fwUQC5VwBIiElEd2K57P7Q
                                                                          MD5:46EC1899F11FE2F524F4A0ED857B2BF7
                                                                          SHA1:830620AD3E3FAC7FE25BD86C291A17AFA245B2CA
                                                                          SHA-256:07965BB5BA96950A38D1B7E50D9564F84D383F21D6FB17B6A411925728AF5146
                                                                          SHA-512:5496B3873B3C5FA3560593D4E3E9F43F6BFA288C5FC3B879D14269A51938D5DDAD950326D86D8DB606A34F7B235E615237136DB19539A1740CAD9B527BEBAEB2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.039621803210127676
                                                                          Encrypted:false
                                                                          SSDEEP:192:2P01utmqvDzKX7TJ8iD12absbZHtgbX1h8IYhliNEzi/cRQMcRTxn8y08Tcm2RGY:60EtClWCshIRQ0Tx08T2RGOD
                                                                          MD5:CBC80152C2BF99D4F5A673EF5DA9492F
                                                                          SHA1:49C8039D3A92496466B2678465D6DE1562CC4DF1
                                                                          SHA-256:AC17C1A57F4C1DE5A1689EEFBBEAA621E563BB37FB77AF87C432EEA85EDD8D35
                                                                          SHA-512:87C2780F9FB897C8E3D33284E7C849A6D7CF486094587F2786CC5322EB52C0F4624D910C2CEDD0B7B2228043F9B73908C3D775848148E59C25871AD0B99C6A7C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.5166364171601641
                                                                          Encrypted:false
                                                                          SSDEEP:6144:7UnYceDk5l2OaHI6OVt9iq7n7SEUaHMB:oTl2FW/X
                                                                          MD5:8AA605A39DF0BEFD71A26F1E8F82BADE
                                                                          SHA1:A41A0D7E857EA88E427F4162215665E2EB93E6CD
                                                                          SHA-256:119FB654628DFE9B2144454C7C8202450B9BBD761C6F208A881CC4CA4E905800
                                                                          SHA-512:15392F742E44651F056B497D1DDE2E62B3B8C7FEE34D75C1A153767C3229DA3C51498F5E97A4638E669B40271B0B24483F4095A40C48FA5325BBB3AE17AC9316
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.04071715837352769
                                                                          Encrypted:false
                                                                          SSDEEP:192:0C0EbtmqvDtKX7HJEa3XxxTxqZ/g+XL970R6Eqh57NgEBRR1gQMpDknYn8y08Tcp:h0Et8eK8YiFhxTzgdkY08T2RGOD
                                                                          MD5:E17FC4959BB18CC1AC797AE0AA34CAA4
                                                                          SHA1:FC83B9CC86F03E43928287E09F2447C9B8734050
                                                                          SHA-256:28AA5B3745EE01402734CB5883540166E64835605681940609F33BB168B16CFB
                                                                          SHA-512:B460218EE817DB4C5B92F35D255CEAE531ED7E45EC1D3F53075B5E6D9BBDA4DE6E8010E3807B9D87787C37C8ECBB6CABBEBEE584B640723B23956F139F0CF17F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.04022166246364089
                                                                          Encrypted:false
                                                                          SSDEEP:192:k20EbtmqvDHKX7LJX3Bhaq+9XmugI9cOhX6NEsMU1gQseeNKYwgn8y08Tcm2RGOD:x0EtGQXKehK4kgjN508T2RGOD
                                                                          MD5:7FBAFCA248023248563DFBEAFD8DE5C3
                                                                          SHA1:6847C7DD0137DE45468721205A242294FD194C05
                                                                          SHA-256:2DB8DF31D1F38DCDCFFAF72E5CFE8E9E62272A8185511DE0066C49413AA65955
                                                                          SHA-512:49B3009703A2C94A427D94AE85C62A33089E2886B31119EA19DB78E0A45DA9295540B98B9886A9F79F8DB2C6EFE08D0FA58E3F79A3E6E2850BD6C46FEA50F019
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):16384
                                                                          Entropy (8bit):0.3553968406659012
                                                                          Encrypted:false
                                                                          SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                          MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                          SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                          SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                          SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):280
                                                                          Entropy (8bit):3.060980776278344
                                                                          Encrypted:false
                                                                          SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                          MD5:74B32A83C9311607EB525C6E23854EE0
                                                                          SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                          SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                          SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):34462
                                                                          Entropy (8bit):5.558232602822365
                                                                          Encrypted:false
                                                                          SSDEEP:768:38Ipg0WP0yfmb8F1+UoAYDCx9Tuqh0VfUC9xbog/OVz8Tt2rw6lUqxDdKptzItud:38Ipg0WP0yfmbu1jaqEtT6lUqPmzIte
                                                                          MD5:39544A054F4E29504555E1CDEF025A59
                                                                          SHA1:78EFC4EB3D8FBED8432A6AFBA5784789746912D2
                                                                          SHA-256:E418E83004574F001D8501FEC2B55D871C966E6CCAE9A2BA5EAFB8EB7A64E41D
                                                                          SHA-512:209A1D0A5BBDDD0ECDE063DD9E8ADE8ED9AC4446C9DB05A6CAB49AC93355958E54F5DE05BEF86E9F318F1395DDE4661D4A4476972ADEEA268943AF72331572BB
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370009825004927","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370009825004927","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13689
                                                                          Entropy (8bit):5.234335972046325
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVTJ9pQTryZiuaba4uynJWnmevPDhYk3N8gpj+FqISQAffxLy1f:sVTLAJucJWnjrJpUqdQKf5M
                                                                          MD5:F43065F11E910A2F5114EC87BE20899F
                                                                          SHA1:2BF55AB3C8A640908880D400DAE88EAAFE978515
                                                                          SHA-256:5D47B2FCA5CC7D7A9D521DD09D73FCB5074416F6BE0C2ACA9284800BE9BDA30A
                                                                          SHA-512:3147FB11756942BE70FAB0F5E49DC146F76591EB1A1B25D419D78DFF16906973FED73BFF4569F70C6DBF445F4CB7ED133C2E53BAF94EAF0F76B6107CBEC87518
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370009825945812","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13651
                                                                          Entropy (8bit):5.234908022729649
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVTJ9pQTryZiuaba4uynJWnmevPDhYk3N8gpj+FqISQADsxLy1f:sVTLAJucJWnjrJpUqdQSs5M
                                                                          MD5:EEAE8946E665601F4F6CA189F928CF1D
                                                                          SHA1:43078678D7AA120BF82F543D2F3D10EA70480B36
                                                                          SHA-256:A15F350CC31FD94D02380932AD8C42C2A86C6762D5F83A15524A01BFC418CE40
                                                                          SHA-512:98D8AA2170EBCA91A08CE59A826204A8E0EFF5FD231D8D9F4565F406F35F218B2122247DC46A839B2EAC239EFD5B0F267DB75E7BDBBD61747CF7413890A13045
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370009825945812","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):39660
                                                                          Entropy (8bit):5.562129638311217
                                                                          Encrypted:false
                                                                          SSDEEP:768:38IpSl7pLGLv+0WP0yflb8F1+UoAYDCx9Tuqh0VfUC9xbog/OVETL8Tt2rw6lmqY:38IpSzcv+0WP0yflbu1ja5TLEtT6lmqY
                                                                          MD5:3FBA1D55278E4F12C3D9075262CF3068
                                                                          SHA1:F44E0180C6EE21D3AFDE54B5E986357B66026D36
                                                                          SHA-256:5D2C96F6159A577A2C4D264A9A4FD29536BA3AAB9A977C3FF778D8CE679A2268
                                                                          SHA-512:435CBE43717DEC88C00074BE62D3AC6A2D14EF054506B3A7879A6C7908E280E4B9E6D1A9963A6CDBB8B9FB6CF4C8151A15577C8279B57AE2A1C35E4175CFA38F
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370009825004927","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370009825004927","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12924
                                                                          Entropy (8bit):5.161744917001116
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVTJ9pQTryZiuaba4uynJWnmezYk3N8gpj+FqISQAbzxLy1f:sVTLAJucJWnTpUqdQiz5M
                                                                          MD5:3EA09C2C569D173C7D1D80E909ABF4A5
                                                                          SHA1:61D9DE054AA107F127AB49926D4930A51FD7F460
                                                                          SHA-256:72622774B151BB89A6FDC9840815997348971A81D0892BDC39B2CC3D1C78324B
                                                                          SHA-512:16DC4B102C3BB6CC71181F8BB6361A81E135279D54C2EB67DADBD33FB372BD315FB79BEE722D7678B262ADAD16C26933119AC13C148F934B60D41DD447C8ABD5
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370009825945812","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13579
                                                                          Entropy (8bit):5.235867708647175
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVTJ9pQTryZiuaba4uynJWnmevPDhYk3N8gpj+FqISQADzxLy1f:sVTLAJucJWnjrJpUqdQSz5M
                                                                          MD5:BB97815CF5A4E887FF7AEBAFD384026A
                                                                          SHA1:2F7B8D82DED1D5F41E3D06994052B1BB481EC48D
                                                                          SHA-256:A646CDC2C6B206D85B651E3114E39476ADFDB7F7A35CA585A95E5F8EFE256BDB
                                                                          SHA-512:C43DBFB6722BCDD8E076478A56F5131E6980ED14542CDFBE73485D59A99BA2908ABB8A29FF11DE6BEB60BC1A72E279646D3A439C88183E0B1301EB3BAF37AC51
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370009825945812","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):37817
                                                                          Entropy (8bit):5.555691397337191
                                                                          Encrypted:false
                                                                          SSDEEP:768:38IpSl7pLGLv+0WP0yflb8F1+UoAYDCx9Tuqh0VfUC9xbog/OVz8Tt2rw6lvqxDR:38IpSzcv+0WP0yflbu1jaqEtT6lvqPmS
                                                                          MD5:00ED65CCB9EA87A1417DCEBBC845F11F
                                                                          SHA1:9FF01B1E3BBCD0A86DD08DC35F3D12E82A7B7E1B
                                                                          SHA-256:F15518A2529C98AAB8DC44A3874D171E075F318A2C602A5627555A8398798C4B
                                                                          SHA-512:1E3470759A0A066529F4C9434442F7FD479F4D296596DA2A3BD440D79066E08173CF317EC699193CB9404BBA94A372445E6B7011EEA0B2C03EED0E7CD81C336C
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370009825004927","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370009825004927","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12267
                                                                          Entropy (8bit):5.071947239218485
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVTJ9pQTryZigaba4uynJWnaYk3L8gpj+FqISQAbzxLy1f:sVTLA3ucJWnApUqdQiz5M
                                                                          MD5:5C9C2FE373BB78FB3CACEA981AC378DE
                                                                          SHA1:8E4E626F660C2DD13CAFB73B8BB09128D394FC96
                                                                          SHA-256:FA5C01EBEF88FA379DD232CABF922998DB9B157D6E6D2411BE9E1F23196C5E0B
                                                                          SHA-512:8276DBD16BEF76B01335CE00C154A5616B01546DAE083BF619C66B306548A00144B3F8D3D2FA9FBC2315A0BBA359E29193ABE5F8718EFC4DC6F426C2841B17D8
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370009825945812","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):1695826
                                                                          Entropy (8bit):5.0411418117682585
                                                                          Encrypted:false
                                                                          SSDEEP:24576:vPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:vPfZ/mS5
                                                                          MD5:83D175F16C7F5E0B045852F27FDB52B5
                                                                          SHA1:AC4BCEC4788876F02EBADC30ED374FA9F1F3245D
                                                                          SHA-256:6D584C5B93097299DE866D13D89375ECAF451067706DBD54081EE22266B71AE9
                                                                          SHA-512:7C7AE43C08594ECE24E93AEC96A518C03841BDFADC1DB86E29F80566E218E3743127B0F9C513E60808B53097A4994FA9A1387F8B171BAEA7B70D0A1C31528DC8
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13370009831906085.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}].V..................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13370009831906886.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):293
                                                                          Entropy (8bit):5.099764146308043
                                                                          Encrypted:false
                                                                          SSDEEP:6:P3D1wkn23oH+Tcwt9Eh1ZB2KLllKM+q2Pwkn23oH+Tcwt9Eh1tIFUv:PCfYeb9Eh1ZFLnKM+vYfYeb9Eh16FUv
                                                                          MD5:7A3E501E9CA6060ACF335542FD4FA611
                                                                          SHA1:0FE070D49975056A1E9006657C9AA057EACBD6CC
                                                                          SHA-256:C399FE788FC9BCFD8DD83C5F2817449EC72362F6081B3404941CC136D636E493
                                                                          SHA-512:A11A0DF2ED8A7C043C402C5D8F5824DFD6A531B97A79D4DCEE6DF6DBD53F961801D3DD589832DF3CA665D322951DB6DD6F3E1DE563D0E4E71C504810A1908C68
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:10.756 20fc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/05-07:37:11.207 20fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):12288
                                                                          Entropy (8bit):0.3202460253800455
                                                                          Encrypted:false
                                                                          SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                          MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                          SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                          SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                          SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.46568000277924115
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfB:TouQq3qh7z3bY2LNW9WMcUvB
                                                                          MD5:BB318D7AF04392BD7DEEBEAC5D458836
                                                                          SHA1:1DFBB9F26138F3568E5F59A3C386D0F5A4B65522
                                                                          SHA-256:6DB4D43F5E3CD0D3DA83097F25B8471FC33A04EA6EEC2E091BD494AADCC3623F
                                                                          SHA-512:304041E41F48F15E55B595E5FB55B1A95A1222704E0FFB1309B679DAB6E107972B22760AA5D8CA1CB4FE327C53F7E30492DE3316E25825C8155B8C26F84EBD2C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlSbI/:Ls3N/
                                                                          MD5:B445826370A62488B42BF7C29FA48773
                                                                          SHA1:6513E8625AF6E643C9989E95CFAFADA1E31D338F
                                                                          SHA-256:14521ACDE758D023F77BB067520E2F6E2BDBBFF0AB94BEF45DEFC6674E0EDB75
                                                                          SHA-512:FEE9DEB43C29CA41413A8A6A998B785A203E9B41FFA4BE73A0CEED8319F5D6A2CBA7C612798272D697BE4ED38FC75FC6F968F214023FB14BD78F29C2DD14FAAD
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):33
                                                                          Entropy (8bit):3.5394429593752084
                                                                          Encrypted:false
                                                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):305
                                                                          Entropy (8bit):5.200034524254356
                                                                          Encrypted:false
                                                                          SSDEEP:6:P+c3M1wkn23oH+TcwtnG2tbB2KLllhY4Oq2Pwkn23oH+TcwtnG2tMsIFUv:PN3rfYebn9VFLnhmvYfYebn9GFUv
                                                                          MD5:DB8C8A7A656C8D73C85B280E5A082FF7
                                                                          SHA1:26E495346CC5087CB6AC4782A9AFA34854D548FA
                                                                          SHA-256:3C9382A240F492713B0E83D1B55FC161AFB91BBBB3DF6F4FCB4CBF6DBCB38852
                                                                          SHA-512:7E84A87B174E3D92545AE795DB2D839C5680CE25054C50E89398220D10D35FF746786C7288AE10EDDF4866C9D693B0D40E54798BABB3BEEC0512C7266EAEEFF6
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.299 1da4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/05-07:37:05.315 1da4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.494709561094235
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                          MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                          SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                          SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                          SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.6134888499130595
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+jdwaUpjBmL:Te8D4jJ/6Up+ma+G
                                                                          MD5:79A3D02E0B32ADE05ECF4EF9D15DADC9
                                                                          SHA1:9AA002A84083D445F24CA6CFA400769E085524CC
                                                                          SHA-256:034D6F6CDE17E840065CE02CC1F64940B825956A191F5695A933DA1BA4D123FE
                                                                          SHA-512:FA690BFBCB9D0F0EB32DAA00BC47628063A0B3A55403AAB1BBA4E90F4EFEEB93601AD4CEF6954502FE2BBB65EB44C4AA9A63578F8D3D755F1E2306BBA7EDC35C
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):375520
                                                                          Entropy (8bit):5.354107693401906
                                                                          Encrypted:false
                                                                          SSDEEP:6144:mA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:mFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                          MD5:843709028251BC9E27FFF22959F2E525
                                                                          SHA1:41F936E6E47987425D1442CFB2428C056769BDC3
                                                                          SHA-256:BF360C23F115AE34E24540B02C400FCEE3338B48F61B07FCE12ABFC7D03CE8D1
                                                                          SHA-512:ECE4817CD73308ABE3B5472F5CD09D7055C7D0A066B2DD8F7B161B684B4D9677C8EE20A7BDD40AE9E248727324A0CF622036C093EA6B32F96C41743046B215A5
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1..".q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370009831917428..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):309
                                                                          Entropy (8bit):5.168234167217695
                                                                          Encrypted:false
                                                                          SSDEEP:6:PKHR1wkn23oH+Tcwtk2WwnvB2KLllzj4q2Pwkn23oH+Tcwtk2WwnvIFUv:PLfYebkxwnvFLnYvYfYebkxwnQFUv
                                                                          MD5:B48FD2F090124A71DB8640775DA04C0C
                                                                          SHA1:F3A006C3718B9BDE18319F40090B4E537E75F727
                                                                          SHA-256:A8DD23AFA85CE163DBFCE917C0AE7CCFF78CD34E08758F1EC8921E32027E2872
                                                                          SHA-512:A56308A247598C6C8F8333058E5A24275572493209C52097E0D34F45A9D03F175D30B3D8DAEBB92FEF72A2E7A01B8636B2D1786E1F35C2490D25ADC39A742251
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:10.794 2110 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-07:37:11.240 2110 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):358860
                                                                          Entropy (8bit):5.324613597724338
                                                                          Encrypted:false
                                                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R5:C1gAg1zfvR
                                                                          MD5:00CC521745A93AC3DA04BCF27256DC91
                                                                          SHA1:732F144F902C17A9EC54931B6FD649639FE80F5A
                                                                          SHA-256:6BECE1C19B6F96425118562870695A97AD031421DCA1177879C2E6EBF21F59BE
                                                                          SHA-512:8959159D3383763BAA7B1AC7F3AADA64B15EC773881CE46E6D81FAC7BCEDF4FF07DF836E04C953A5371148DB2DABE886A62B31BEE0384186DC42A82093C95E32
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):209
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):281
                                                                          Entropy (8bit):5.166703583508336
                                                                          Encrypted:false
                                                                          SSDEEP:6:PhY8ms1wkn23oH+Tcwt8aVdg2KLllYq2Pwkn23oH+Tcwt8aPrqIFUv:PhgfYeb0LnYvYfYebL3FUv
                                                                          MD5:98E9972851D035BCEB58133C9C84B815
                                                                          SHA1:D7DD5AA6C371AE5B5183DA56E2DE29731C54EA9C
                                                                          SHA-256:F548464AE6216A2B2C96FCEDB40748A9BF7C4E79F9D5BFBA109E5612FF9643B8
                                                                          SHA-512:7A80F1CCA664BF3FA70AE5BA55006F86DF4AFC9FD383BEE6096D540B45A909764420FF44012F7B17D8FFED0CCACC7C1834D24239BFFFF8724F062F5C0604C52E
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.315 1da0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/05-07:37:05.328 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):209
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):285
                                                                          Entropy (8bit):5.140230949664098
                                                                          Encrypted:false
                                                                          SSDEEP:6:PXs1wkn23oH+Tcwt86FB2KLll8cq2Pwkn23oH+Tcwt865IFUv:PbfYeb/FFLn5vYfYeb/WFUv
                                                                          MD5:18A53CDBDD17768A1F8349B57C86F8FE
                                                                          SHA1:EF1A325C1CEFC8D42268F6A43B6FD390E36365DE
                                                                          SHA-256:382E090F302EEAE76140214EB2FEDFAA14875338187DA1EB083EE8C7DA12DF8F
                                                                          SHA-512:00C8E84AA1C44298945744DCFF13D72DCCD89D5045C632BA0C39D0BB243EBAB1D78A1C6CA5CC8F3BA9436BEAD50BC2355479BF02A825AB2EA41F449202261BB6
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.330 1da0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/05-07:37:05.341 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):1197
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                          MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                          SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                          SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                          SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):322
                                                                          Entropy (8bit):5.220045891225068
                                                                          Encrypted:false
                                                                          SSDEEP:6:P/fVq2Pwkn23oH+Tcwt8NIFUt8290gZmw+22v9IkwOwkn23oH+Tcwt8+eLJ:PFvYfYebpFUt8299/+22+5JfYebqJ
                                                                          MD5:2358F389EFE870FC2E010AB8A69B942F
                                                                          SHA1:60505F6612580F0BD0EAC7D58FFB874A9632E30A
                                                                          SHA-256:F4B059E3DAAFACA6C1040E7DD62324617417FD5590C2BD1F9977D11B57F980EF
                                                                          SHA-512:39FF9ACE595449B4DDA476CF14571EDD2C3326304111339717A961CD650CB841B67C7BD2B7AB66F01D57B6C932943979FEB1AE1BAACB59FCEF5D58E143C5A684
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:06.316 1db4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-07:37:06.339 1db4 Recovering log #3.2024/09/05-07:37:06.340 1db4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):4096
                                                                          Entropy (8bit):0.3169096321222068
                                                                          Encrypted:false
                                                                          SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                          MD5:2554AD7847B0D04963FDAE908DB81074
                                                                          SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                          SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                          SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.40981274649195937
                                                                          Encrypted:false
                                                                          SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                          MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                          SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                          SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                          SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):429
                                                                          Entropy (8bit):5.809210454117189
                                                                          Encrypted:false
                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                          Malicious:false
                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):2.4486893729925123
                                                                          Encrypted:false
                                                                          SSDEEP:96:0BCy7LjVitelS9nsH4/AztcKuuoKwULAVP:mN7LgBsHXzCKPo1ULa
                                                                          MD5:F3F6ACE540B3EFC4FC2472FF0F91DDDD
                                                                          SHA1:957EE2192446C70A8E16CFC26476A8EE6E87C39E
                                                                          SHA-256:A58CB7EB71A9D8C74C61957A95DFB6FE6533D013B383F3D98E202F593B6872D1
                                                                          SHA-512:275EA3BDC90B7D90D486E9A56D2B0D5CF7C8CB14804BD6FD5FD8F547AB6D07C022A928FA1A06ABEFE0EA103E8365BA9B056C710ED8982EADC071589577848460
                                                                          Malicious:false
                                                                          Preview:SQLite format 3 ... indexfavicon_bitmaps_icon_idfavico
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):159744
                                                                          Entropy (8bit):0.6475117286580512
                                                                          Encrypted:false
                                                                          SSDEEP:96:1LPVqPPdU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNC8LLV:1Lo3K+GPXBBE3upb0HtTTDxVjLL
                                                                          MD5:8A976EED8094DF66F777D385319A3800
                                                                          SHA1:2FAA990AAD997F08E28FC57C47E30F6250EA8ECA
                                                                          SHA-256:73CEC3B4822090C82D155550A650AF1736856B804538EDE036500C22E842BA9C
                                                                          SHA-512:A392003A0698B8582B78BA20E566D6AA78A671F321BDD53D1F27C027AB1381446F62B89419C44C266D35AA3CBB1C25EC4714A742579E51801BF63BCFA9AB5EAB
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8720
                                                                          Entropy (8bit):0.32748805531260367
                                                                          Encrypted:false
                                                                          SSDEEP:6:lKHA/J3+t76Y4QZZofU99pO0BYZXbqR4EZY4QZvGCC:wghHQws9LdkOBQZGCC
                                                                          MD5:554A0C2542A02A36317D8878FF6E99F9
                                                                          SHA1:2C80903ADF07B133395B302D87B83C6DE1F6337F
                                                                          SHA-256:B6E67E181A49F806F54105F62BDF8FA8A211096C7A7D8CF1638C4DFACA694E74
                                                                          SHA-512:DF0C6644935CC38A880383981BAA70DB7492D7AF38B7A232F503AAEB270F0F572ECBB894645757832BC6AE6955B78FB60C61D1BA6888F4BB989287618ECFD915
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):3.5490255606662244
                                                                          Encrypted:false
                                                                          SSDEEP:384:zj9P05shcQkQerJgam6I/c3773pLERKToaADP/Kbte:zdKsSe2M037SRKcnP/F
                                                                          MD5:2F14D06A42961FBAFC3CF78615F2457E
                                                                          SHA1:46880E1EF1AFE3FFEB8999820D3F414171A1F963
                                                                          SHA-256:A7D45B79B348728D33F81BEFBC57FF99AF8FD3DA4F10A90E89F0611653305BBB
                                                                          SHA-512:0AD0F5B4B3209CA9CA097FDE7EA040A40E3AE4C3A235E6B303F1630DCE0AC1709FA865AF36A21C622E2FA5E6691F48B0E624DA70AD4D4C3E70E3D6286F775F74
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):406
                                                                          Entropy (8bit):5.274431892157402
                                                                          Encrypted:false
                                                                          SSDEEP:12:PLvYfYeb8rcHEZrELFUt825/+2T5JfYeb8rcHEZrEZSJ:jYfYeb8nZrExg80JfYeb8nZrEZe
                                                                          MD5:02DBB35AE3159CBF4ADE4D5F4C600F5C
                                                                          SHA1:5F117729FA7B452241E546453BDD25BED86FE62C
                                                                          SHA-256:BBA349CCCF03480D4AF3F5B1698242E14806083DC74BBE53913ADA098DC155C5
                                                                          SHA-512:F3BA356D57E83D199660DAB5FE428D5DCDAB0180EDCBFA747667FB67ECBAD9D6A9951D97B73466B1425347C47033C922CFB6E81ED413F3AC9548B83D3DBF6923
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:07.748 1d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-07:37:07.756 1d40 Recovering log #3.2024/09/05-07:37:07.756 1d40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):406
                                                                          Entropy (8bit):5.274431892157402
                                                                          Encrypted:false
                                                                          SSDEEP:12:PLvYfYeb8rcHEZrELFUt825/+2T5JfYeb8rcHEZrEZSJ:jYfYeb8nZrExg80JfYeb8nZrEZe
                                                                          MD5:02DBB35AE3159CBF4ADE4D5F4C600F5C
                                                                          SHA1:5F117729FA7B452241E546453BDD25BED86FE62C
                                                                          SHA-256:BBA349CCCF03480D4AF3F5B1698242E14806083DC74BBE53913ADA098DC155C5
                                                                          SHA-512:F3BA356D57E83D199660DAB5FE428D5DCDAB0180EDCBFA747667FB67ECBAD9D6A9951D97B73466B1425347C47033C922CFB6E81ED413F3AC9548B83D3DBF6923
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:07.748 1d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-07:37:07.756 1d40 Recovering log #3.2024/09/05-07:37:07.756 1d40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):334
                                                                          Entropy (8bit):5.177812342623125
                                                                          Encrypted:false
                                                                          SSDEEP:6:P/FX4q2Pwkn23oH+Tcwt8a2jMGIFUt82WJZmw+27FH3DkwOwkn23oH+Tcwt8a2jz:P/FovYfYeb8EFUt82A/+27FT5JfYeb8N
                                                                          MD5:1F270949EB39CB68B2997858D03024AB
                                                                          SHA1:4A6F8BE03BBBC486582D631689BAE90C744840B3
                                                                          SHA-256:3E7C348FE9ADE952E1B2FB1155274FDA4BA7488DF57E2D92F715D7CC24A5E5B3
                                                                          SHA-512:4D4B533D800A4C1DCEE486E36BD238B8665E20A9B0C847DB88B266A6B252C9E71B815AE1FC5841C547410DA5978231138E58C138D949F341342F5330B5FD89AD
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.892 1ed0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-07:37:05.893 1ed0 Recovering log #3.2024/09/05-07:37:05.896 1ed0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):334
                                                                          Entropy (8bit):5.177812342623125
                                                                          Encrypted:false
                                                                          SSDEEP:6:P/FX4q2Pwkn23oH+Tcwt8a2jMGIFUt82WJZmw+27FH3DkwOwkn23oH+Tcwt8a2jz:P/FovYfYeb8EFUt82A/+27FT5JfYeb8N
                                                                          MD5:1F270949EB39CB68B2997858D03024AB
                                                                          SHA1:4A6F8BE03BBBC486582D631689BAE90C744840B3
                                                                          SHA-256:3E7C348FE9ADE952E1B2FB1155274FDA4BA7488DF57E2D92F715D7CC24A5E5B3
                                                                          SHA-512:4D4B533D800A4C1DCEE486E36BD238B8665E20A9B0C847DB88B266A6B252C9E71B815AE1FC5841C547410DA5978231138E58C138D949F341342F5330B5FD89AD
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.892 1ed0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-07:37:05.893 1ed0 Recovering log #3.2024/09/05-07:37:05.896 1ed0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):57344
                                                                          Entropy (8bit):0.863060653641558
                                                                          Encrypted:false
                                                                          SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                          MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                          SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                          SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                          SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):0.40293591932113104
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2271
                                                                          Entropy (8bit):5.271337223660825
                                                                          Encrypted:false
                                                                          SSDEEP:48:YXsW8sGfcdsAgsurskgns6+HpWsaYsf+HtesNCxbZ:OKEG9O4p8/4ZA1
                                                                          MD5:ED832D39FEAEBD562CCD45B30FF61472
                                                                          SHA1:74B692A615E80F9E5FFF12165ABAC854C784DA96
                                                                          SHA-256:E7679AB465ECA001DD9EE3A56633077477C3BE5EB7D843B10F88EE5FC3C03F50
                                                                          SHA-512:531EFB1824478E277FB3D8E3A7FB83D832A912C2A8804A2826FF68B9B964D1F9D7CEDCBB4624B9DCA773DF4995455F3E35539A274AE5CD048735E041D3F187A8
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372601829322999","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372601830643388","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372601831994441","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372601835929946","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"alternative_service":[{"adver
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):354
                                                                          Entropy (8bit):5.46213055096409
                                                                          Encrypted:false
                                                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcjHGXBv31dB8wXwlmUUAnIMp5lVFwSQ:YWyX5Sg9vt+UAnIQcD+R7N+UAnIGVFbQ
                                                                          MD5:03EA28A14C136A41B428663B77ADFCB0
                                                                          SHA1:3A7AAF865CC779C7AE56A6A2D9B1395E8485B387
                                                                          SHA-256:706DC60D2182BA589192CB58A49B55BA33FEB04090C1DC1279FF414DE90E7702
                                                                          SHA-512:C35A3A822E28555DA9B2FF3B60CD134A331335DD11DAB4D55338FE719B0D1F15BBBF5A76493696FC42DC281734C8002358439862F4C2189748FF86E85DA27B3C
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757072237.06135,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725536237.061355}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):355
                                                                          Entropy (8bit):5.46736258307787
                                                                          Encrypted:false
                                                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcjHTqK8Bv31dB8wXwlmUUAnIMp5lj7O:YWyX5Sg9vt+UAnIQcDTqK8R7N+UAnIGW
                                                                          MD5:960E8F7F11C1473B7A85F535A5E4093D
                                                                          SHA1:B9FCE2F6940C4D16F51EEFD29175DCE03C9A82EE
                                                                          SHA-256:43B225766DEB26C8D07643FC7C5F97E97F257964FB4CB9C3FD4510BF68919703
                                                                          SHA-512:FAD42F172FC3C331EC6779A8C3B78F64C8F0509F19E48E3BA1C5F6A990F438BC669359A0DD1016B58B578352B3CAE47B9BEFEDDBF647024F8AAA28B71F9E416B
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1757072297.536926,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725536297.536932}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):111
                                                                          Entropy (8bit):4.718418993774295
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.0834176279599668
                                                                          Encrypted:false
                                                                          SSDEEP:48:T2dKLopF+SawLUO1Xj8BQt0eOSXWbmTGxTk7mjFOFyPr:ige+AuQeei87mjDr
                                                                          MD5:7BFD2AA19FF0F2BD8BF952A227DD599D
                                                                          SHA1:771B6D67F0D8A893D8E3A22EF84BCD3B32CA3034
                                                                          SHA-256:EDA06670FDFBFEE2715D7AD1D39FDB672F16E0CCFF5EF8C9FD6C0DCB8233F28B
                                                                          SHA-512:BF73340A538D7621987C0CC36F25C0A53C4CE5B2AC657E8C6E709D8AC3300A0CFD9B1ECA2D3A9268734CF4F65FC846B348298A8C547B3260C9146A9239FC1BCC
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):1.3311948453196054
                                                                          Encrypted:false
                                                                          SSDEEP:96:uIEumQv8m1ccnvS6kDo2dQF2YQ9UZ11SRVkI:uIEumQv8m1ccnvS6B282rUZ1gd
                                                                          MD5:04B7679E850D398B8418E683B4BD7D50
                                                                          SHA1:DB2D2E841509853A2C9844EE56F5EF499750873D
                                                                          SHA-256:977EF047856206F32125F5EC8AEFA324CF74A55A435500313412C60F8DB3F739
                                                                          SHA-512:95F63A0635C91E31996960BD62C850E62E2D45D2F4A80C233E348DDC17B5D22A15536272933DF6C7821C6F3063D92AAE52119D8FC0BBD5EB1D6B09111D4CC0A4
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.36515621748816035
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.5744102022039023
                                                                          Encrypted:false
                                                                          SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                                          MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                                          SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                                          SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                                          SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12267
                                                                          Entropy (8bit):5.071947239218485
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVTJ9pQTryZigaba4uynJWnaYk3L8gpj+FqISQAbzxLy1f:sVTLA3ucJWnApUqdQiz5M
                                                                          MD5:5C9C2FE373BB78FB3CACEA981AC378DE
                                                                          SHA1:8E4E626F660C2DD13CAFB73B8BB09128D394FC96
                                                                          SHA-256:FA5C01EBEF88FA379DD232CABF922998DB9B157D6E6D2411BE9E1F23196C5E0B
                                                                          SHA-512:8276DBD16BEF76B01335CE00C154A5616B01546DAE083BF619C66B306548A00144B3F8D3D2FA9FBC2315A0BBA359E29193ABE5F8718EFC4DC6F426C2841B17D8
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13370009825945812","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):33
                                                                          Entropy (8bit):4.051821770808046
                                                                          Encrypted:false
                                                                          SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                          Malicious:false
                                                                          Preview:{"preferred_apps":[],"version":1}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):34462
                                                                          Entropy (8bit):5.558232602822365
                                                                          Encrypted:false
                                                                          SSDEEP:768:38Ipg0WP0yfmb8F1+UoAYDCx9Tuqh0VfUC9xbog/OVz8Tt2rw6lUqxDdKptzItud:38Ipg0WP0yfmbu1jaqEtT6lUqPmzIte
                                                                          MD5:39544A054F4E29504555E1CDEF025A59
                                                                          SHA1:78EFC4EB3D8FBED8432A6AFBA5784789746912D2
                                                                          SHA-256:E418E83004574F001D8501FEC2B55D871C966E6CCAE9A2BA5EAFB8EB7A64E41D
                                                                          SHA-512:209A1D0A5BBDDD0ECDE063DD9E8ADE8ED9AC4446C9DB05A6CAB49AC93355958E54F5DE05BEF86E9F318F1395DDE4661D4A4476972ADEEA268943AF72331572BB
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370009825004927","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370009825004927","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):364
                                                                          Entropy (8bit):4.024699418069733
                                                                          Encrypted:false
                                                                          SSDEEP:6:S85aEFljljljljljljlUZ//laDBvHGU4w+CA5EEE:S+a8ljljljljljljlUZ//UBOw+CA
                                                                          MD5:ED7E437AD36538CE517A6CB6EF24B392
                                                                          SHA1:88139411B57087450894F297B0B09CB7FA2D337F
                                                                          SHA-256:53F50D13E14950F8041FD683B096D9EDDD27704EAAA22BA6027E7739A5A29B72
                                                                          SHA-512:B004878A2D93684ED375F27BD99B0877A464D6375EA85C284C19653E87DEB33C82C8B3DDB6EF1E095B25A6CAD5272A794542B3A6F712EA012E79F104B20BEBFA
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f................^]7j................next-map-id.1.Knamespace-5dd9ba3b_79ec_48d8_81ca_03490cf1d7d3-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):322
                                                                          Entropy (8bit):5.126525830952479
                                                                          Encrypted:false
                                                                          SSDEEP:6:PouO4q2Pwkn23oH+TcwtrQMxIFUt82sPpJZmw+2oeDkwOwkn23oH+TcwtrQMFLJ:PoutvYfYebCFUt82sPD/+2F5JfYebtJ
                                                                          MD5:318C649DC7AE5E76610C011295E7F112
                                                                          SHA1:59F2867089BB7BAA1E750DA2CDB7D311D19D109F
                                                                          SHA-256:4EC86536759C8BB991DD60076F4C971563D58E5F64F3C5CEBAFB2EEAA48D2AC3
                                                                          SHA-512:4EC4879B52D134EEA383B45ED0A9A629ECAAAB733CBCD4273DD9FA2E5A49A69BCE0E0467E075156C645DEDEFECE8FFF5F401544F1A29A732CF4F4CF8E0B16C1D
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:06.063 1ed0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-07:37:06.067 1ed0 Recovering log #3.2024/09/05-07:37:06.143 1ed0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):7477
                                                                          Entropy (8bit):4.047098793374621
                                                                          Encrypted:false
                                                                          SSDEEP:96:3uR6bIUV4LqQ6nPrpJl/RcLAQ6nPrpcsLmeICQ6nPrp3Tyj:3gUV4Lq3PrpJoLA3PrpRLmeIC3Prp3
                                                                          MD5:A230884E91A56CE9ECB40115EFBD5EA6
                                                                          SHA1:1CD10506BA115128075800F38949058B55E4D7AC
                                                                          SHA-256:2C82F941CC94F77170B9980B76FB81C2E6562846A0F638D862EC516D4190E92D
                                                                          SHA-512:9A55AE825FE1A6564D64399857B1BF6C62CC79A47670B01B26743D85CE44AE12681649132D9867153E9F4DF3704A7EDB34ACAF0D1295599E8C55FACF80B5DCD6
                                                                          Malicious:false
                                                                          Preview:SNSS.........@.............@......"..@.............@.........@.........@.........@....!....@.................................@..@1..,.....@$...5dd9ba3b_79ec_48d8_81ca_03490cf1d7d3.....@.........@.................@.....@.........................@....................5..0.....@&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}.......@.........@............................@.............@....?...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3rHAeBMJjPrqaqK34xAvZbxID6cRSpDxMWG0rckGX7qqWzNNTim0HqFgufghA-mVt92AK46fg&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1457900976%3A1725536230702596&ddm=0.....S.i.g.n. .i.n. .-. .G.o.o.g.l.e. .A.c.c.o.u.n.t.s...L...H...!...@....................................................................................................\..]!...\..]!..................................P...................................................?...h
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.44194574462308833
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):350
                                                                          Entropy (8bit):5.143401144103316
                                                                          Encrypted:false
                                                                          SSDEEP:6:PPOpq2Pwkn23oH+Tcwt7Uh2ghZIFUt82KZmw+22kwOwkn23oH+Tcwt7Uh2gnLJ:PmpvYfYebIhHh2FUt82K/+225JfYebIT
                                                                          MD5:1A4B1EBA6ED5AB2279CE14E310A7669D
                                                                          SHA1:A253D9674CEBDF8C9A8A0D2D6C46CE3A407760F0
                                                                          SHA-256:4D0B3A852230B83774F4CFCFCF7326F7F826500193A03308FAD0C748A9FE202D
                                                                          SHA-512:7810FB70EBE3DA9430E001C1DA027079575028C5D2AD6D0AFE0347751925C0D3435BB478D0F13CE295EBB3E6AAC554ED7BF7B01A298C8AD9E6FFFF4D169FDCD3
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.272 1da4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-07:37:05.273 1da4 Recovering log #3.2024/09/05-07:37:05.273 1da4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):524656
                                                                          Entropy (8bit):5.027445846313988E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:Lsul9I:LsN
                                                                          MD5:78B4828DCFFA217C0C691C7FD477A592
                                                                          SHA1:C63B1B69BA0FB9A17AD6D05516CA670DD3767205
                                                                          SHA-256:C67F6DE61F527751DC18A97EEBDBFE6DB17821AC3F3158BEF40C3BEC6152080A
                                                                          SHA-512:7E483C32A1F4E4C84F5E4F325D29D33FFF1FD1EFCDD58BEB25DD0D90B515C3B049B301454C6F758FDDB87FE96B72A931B66700A01E4BA0AAB19A29BEF060A8D6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlad+t:Ls3X
                                                                          MD5:63BE329768C671817604726FF06B90FA
                                                                          SHA1:23696659206B715021520FFBC545999A1EC12754
                                                                          SHA-256:F224FAE1CFAF9317A0652957DC585AFF178DF21C19DCB7BB773CE93881D34DA1
                                                                          SHA-512:F0DAD1718091A6425E369B3C501CA53E241EE9FE4A1A4591642C825AFD9A6887F0F0D24C16BA2CEF692F8A39DC88EA92DDA3ABADA74E43844AC65F00682B7C71
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):432
                                                                          Entropy (8bit):5.239839034018847
                                                                          Encrypted:false
                                                                          SSDEEP:12:PCIvYfYebvqBQFUt82W/+2KF5JfYebvqBvJ:q6YfYebvZg8QXJfYebvk
                                                                          MD5:286C1FE46296D8D0E85E9D393F7CE293
                                                                          SHA1:3C1A62D4F8BC2EB844B1B2B2DED35DBEFE25B902
                                                                          SHA-256:77CB1B530CE99996A3D594D13CFF052909743FECE61589AE6900FF52884C5A92
                                                                          SHA-512:4926C65E4BEA4B09EC9F99B8255A9D9740778CE05E94C95E658F3AA1F28C8A22A632C6588CA01DFAF035A63D18376198E79124FA71AEE310F4A34A1E35D78B79
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:06.359 1ed0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-07:37:06.360 1ed0 Recovering log #3.2024/09/05-07:37:06.364 1ed0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):193
                                                                          Entropy (8bit):4.864047146590611
                                                                          Encrypted:false
                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.555790634850688
                                                                          Encrypted:false
                                                                          SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                          MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                          SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                          SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                          SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.36515621748816035
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):111
                                                                          Entropy (8bit):4.718418993774295
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):80
                                                                          Entropy (8bit):3.4921535629071894
                                                                          Encrypted:false
                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):420
                                                                          Entropy (8bit):5.220866932747931
                                                                          Encrypted:false
                                                                          SSDEEP:12:POSvYfYebvqBZFUt82IR/+2IU75JfYebvqBaJ:xYfYebvyg87OUtJfYebvL
                                                                          MD5:63232AE736C41229EA4FA1FA0FC8C932
                                                                          SHA1:4D562702C157EA9DAFDD0E341A53FBAFFD18B9C5
                                                                          SHA-256:3CB78C7EF68D9D9070DA94C7C7B2C93E790457920C7AD7B78B64614E8DB1C38C
                                                                          SHA-512:DD02CF860F791FFD7BD69C2EB1519F98D7BC2AE49575DE621934D080C71EFA4C3D8E3C08F98E5953571B0EB7B7540A66428028F59E5A47A3177C14CB7AC5BDF7
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:22.298 1ed0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-07:37:22.300 1ed0 Recovering log #3.2024/09/05-07:37:22.303 1ed0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):326
                                                                          Entropy (8bit):5.207575314222568
                                                                          Encrypted:false
                                                                          SSDEEP:6:PJWM+q2Pwkn23oH+TcwtpIFUt82H1Zmw+2JBE+WMVkwOwkn23oH+Tcwta/WLJ:PJL+vYfYebmFUt82V/+2JBLLV5JfYeb7
                                                                          MD5:96FCAA06441E0B1AC5EAD31DD34C8BD9
                                                                          SHA1:A92362560790409F3CDAD30919DD1E1B71626204
                                                                          SHA-256:2F96EEF36023AB63B193A417E37314CE98E6E6BE994D255BBEFB761AF6E09D58
                                                                          SHA-512:E6FDC2AC4878C39C636C70D34EEAC1F145A3C2DDBE5B7AB0A4EF623DDEA52BBE41AE2A289E9A24201766473A1559C8D98C685092954A932C8F554D526EB430D4
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.255 1dac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-07:37:05.260 1dac Recovering log #3.2024/09/05-07:37:05.262 1dac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.26707851465859517
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                          MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                          SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                          SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                          SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):131072
                                                                          Entropy (8bit):0.005567161523650777
                                                                          Encrypted:false
                                                                          SSDEEP:3:ImtVx//l/+TWHlltPyE/l7lSUtl:IiVt/IaFlwEt7ltl
                                                                          MD5:788A1DFBBDA6F74594C74DEAB23008DB
                                                                          SHA1:589C0A09465E57D65E4DEF4661501D18B36CBEDB
                                                                          SHA-256:514EBFEC9FDC60F40C2188FDBE77C0DCA4BD12F512CB8BD93C7AAE2B227027CA
                                                                          SHA-512:F8A9B22B7862C9FF51F89AFA91B34029C39437D0D18934FCFA9651AD70FFDC42FE74B0DB05CCB0F667EEA077D7EED5079F5F298DD9AC825EFBA7AF591AA84308
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):184320
                                                                          Entropy (8bit):1.0672972102892557
                                                                          Encrypted:false
                                                                          SSDEEP:192:QSqzWMMUfTinGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYHLn6:QrzWMffGnzkkqtXnTK+hNH+5EVum4
                                                                          MD5:DB3EF5162C85BB4230E05CE0C7833F8B
                                                                          SHA1:4058254ACE4726AB7D925A182E5BACCFDE25F94E
                                                                          SHA-256:3E445429FBF510FBBB2092012C1B0DE1FEBF707DB3C49B0D781F0FF43FD4410D
                                                                          SHA-512:EAED179AF190BAC319FCDE9CB2BDB460B186F67D18357580A21D50E4E7B6D3B368B4EF5FF51B821A04B133801BC792411151D38EEFFE08A3AFA97F48DBE60770
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                          Category:dropped
                                                                          Size (bytes):14336
                                                                          Entropy (8bit):1.423276609125593
                                                                          Encrypted:false
                                                                          SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgF2RymC8/eWRmlX+2RymC8/e6xj/:PtSjGhp22iSNLr65Lt
                                                                          MD5:20695ADD023665C59F1DF2C2FFE29C75
                                                                          SHA1:9F75641A2C6AC9A45B634287426216F20D856950
                                                                          SHA-256:06D4FD994CFC8285C21D5670A73AD246FF154FAEBC425B56420BEBCC98BD7056
                                                                          SHA-512:871ED716FB95511848E33FC933E1BD2A1DD1B98AABEFB076B0E6C768FFF1EA2BAACBE095A644F1880A74DAC64719EAEBCBBB6A2316736E8AA32A8E9746B0D9D2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):40960
                                                                          Entropy (8bit):0.41235120905181716
                                                                          Encrypted:false
                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11755
                                                                          Entropy (8bit):5.190465908239046
                                                                          Encrypted:false
                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                          Malicious:false
                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.3410017321959524
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):16384
                                                                          Entropy (8bit):0.35226517389931394
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.09772002298661225
                                                                          Encrypted:false
                                                                          SSDEEP:6:G9l/MnKxDj9l/MnKxDiV9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/u:Ct3l9t30FnnnnnnnnnnnnnnpEo
                                                                          MD5:2C485D60B818D9C0E8B1649B3BF279DB
                                                                          SHA1:0A864D7E1C789189554541D1116AAD201ED96A4D
                                                                          SHA-256:87E32A4FE4305682B65CE5B2B04DFE6F892DE53A62B3B3BE68F1CF1D4046CC13
                                                                          SHA-512:11F62128701067F0237069C929C8EB6D0144D60078583591AAA00F7BD3740B0C024006548292729E3FC64937DD0BA94B6736FEB2D5F36F3D1827DE8A810B07AF
                                                                          Malicious:false
                                                                          Preview:..-.............H.......}...Z7-.b.....va..xT...-.............H.......}...Z7-.b.....va..xT.........D...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                          Category:dropped
                                                                          Size (bytes):296672
                                                                          Entropy (8bit):1.0146661699566646
                                                                          Encrypted:false
                                                                          SSDEEP:384:w2UW+uC07ag8b5bRbKb4GbWbZbhb5LKbvjb42:w2b/7agKVNw4s81d5Ev342
                                                                          MD5:D26D8ED91F23735C57B5548E8CD13AAE
                                                                          SHA1:74AFABD2B5AB8DF8E8CE01421B2162C9A5B9B7AB
                                                                          SHA-256:06E39B7DBDB63BE583560ED5A6A663BD8013BE1EC8984B6318448FE2B3468F0C
                                                                          SHA-512:FB6A22617D6B65EB1DE92A50F6A66C8BEC72D9679B6698C160B02D39195CA76494AB6324727D6D0C51905BB33A7F4DDCFAAC6556A87F03861FF787FFCC37D6C2
                                                                          Malicious:false
                                                                          Preview:7....-..........b.....v...u..K.........b.....v+..I..Zc................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):250
                                                                          Entropy (8bit):3.704891878236998
                                                                          Encrypted:false
                                                                          SSDEEP:3:VVXntjQPEnjQEZil3seGKT9rcQ6x1QyOtlTxotlTxotlTxotlTxotlTxotlTxotl:/XntM+zIl3sedhO1QyOuuuuuu
                                                                          MD5:3F08CA7100F2B0C4DCB1CCC9E3A3F210
                                                                          SHA1:4842D76BBD059666469F1E37D7446D31E422855B
                                                                          SHA-256:84C87360FDF146E00B7E089753D37B64249AEC5BEC6A644A4599AFF4685D5796
                                                                          SHA-512:6445997C1AB9D26A5F0FDEBD2022AEDCCB3FFD00AA1F74B1A1372125341756553723150CB5DAEFE6E9F8A41CFB1CE3193393D6C1921176875832D18CD92F86E8
                                                                          Malicious:false
                                                                          Preview:A..r.................20_1_1...1.,U.................20_1_1...1.N.E0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):281
                                                                          Entropy (8bit):5.2495107427073675
                                                                          Encrypted:false
                                                                          SSDEEP:6:PWhRM1wkn23oH+Tcwtfrl2KLlljvyq2Pwkn23oH+TcwtfrK+IFUv:PYrfYeb1LnDyvYfYeb23FUv
                                                                          MD5:018D5748BC8E1D419041C636E8B8994B
                                                                          SHA1:1EF02976B93DA3726B33D326CBAD3A0DBA036C87
                                                                          SHA-256:EDBCC54B6E7006A8E542278CDC1EA3689C0B762CD53A3086DF28AA0595FC5E15
                                                                          SHA-512:1180AA59E5754309D1F9B9C557015A23B15A8F4A2542F5EF1EDB1038A4718535D6C5E1DDF6635F58609ABC3BF1B4C408E52CEE098994CB9B05E68F30192205D0
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:06.417 1d54 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/05-07:37:06.453 1d54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):617
                                                                          Entropy (8bit):3.9325179151892424
                                                                          Encrypted:false
                                                                          SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                                                          MD5:AD15D72AA4792C14DDD002CED70E8245
                                                                          SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                                                          SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                                                          SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                                                          Malicious:false
                                                                          Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):299
                                                                          Entropy (8bit):5.202187563409086
                                                                          Encrypted:false
                                                                          SSDEEP:6:POuBEmhRM1wkn23oH+Tcwtfrzs52KLll1jyq2Pwkn23oH+TcwtfrzAdIFUv:PvBEorfYebs9LndyvYfYeb9FUv
                                                                          MD5:006EC83BAA6B5C7F930C01E535368ED4
                                                                          SHA1:2D98EC14CBBBE4FE760DB919C377C94811BD0BF0
                                                                          SHA-256:D278D56A5BDE61829C8BF1A64792A4977AC8C384A48E88A7D611933AA9308E60
                                                                          SHA-512:28C5FF1C3B6C1454D9F15215E41BF003B486E1CF2AAA8F084B21883E41B97FC63DBA633933B8BC5F33D97800E0552718D50C5F0312B9358A7252374423723059
                                                                          Malicious:false
                                                                          Preview:2024/09/05-07:37:05.949 1d54 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/05-07:37:06.415 1d54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlQa+l/:Ls3Qp/
                                                                          MD5:8992F01984F8A144315BFDE2E8506A0A
                                                                          SHA1:F9E700F46DE61976BA12369CC63B0D44DA040B71
                                                                          SHA-256:4CC03D5D8A2C5D8FD12016464BC9639B21273595BAF7D74D6D033AA5339DD2EC
                                                                          SHA-512:A76325DE0AD7EB46F2FD574CD78BE890B1D0E199400F16BC2190516F467C31CD9527471AD104E818BBB775BE8A7238E6EC27C3E6A3585A73E61963FE217DADCF
                                                                          Malicious:false
                                                                          Preview:.........................................@R.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlJ/JKX:Ls3xJKX
                                                                          MD5:C15AC50BD5FC7210DDADF46103F67A89
                                                                          SHA1:EC70ADD7C7BC58F6341E5ED4DCAAF211D310E50F
                                                                          SHA-256:E66C93E5FBA67DC6F39930499800656B4C698ECB6A03F49CFD9ED654D675DC5B
                                                                          SHA-512:34EB4BB83132C738A9937F8C8684DCE3F6853BBD6B03EC17ED4CC5D0DC1116CF1C3B26A2A9549B89EB7FA40371E21054BCF871F997992472158C1A7882EF1E4E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):120
                                                                          Entropy (8bit):3.32524464792714
                                                                          Encrypted:false
                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                          Malicious:false
                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):13
                                                                          Entropy (8bit):2.7192945256669794
                                                                          Encrypted:false
                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                          Malicious:false
                                                                          Preview:117.0.2045.47
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.792351987616029
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfjdWF5ih/cI9URLl8RotoVMFVvlwh4e4IbONIeTC6XQS0qGqk+Z4uj+rjEy:ak7dWaeiRUahY6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:7E00A0C8C1668DCEC0C749C9B9C34380
                                                                          SHA1:3C2B8F293F8E23FAC335EC5B822AB5001AAD5056
                                                                          SHA-256:4CE37CFE9D45B41ED433B1B7A9F563D7229681E6ABAE0B7B14AA5DE908D0D3F1
                                                                          SHA-512:51FEDB7FC5F5E615A301CBF06C68D9A54D616DE59C8A169058879BDD5F4D0AD3400670448F5D1CC939D479FC04DC47D9F3A8F4E3723123A4430A5BCDB54F040F
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA/BEMPLZlcQpwd80HAdvanEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADfF1P8TnT44BqTT3ze7oC3nyHhj06krPNjFrOs29RsMwAAAAA
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.5963118027796015
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                          MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                          SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                          SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                          SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):2031121
                                                                          Entropy (8bit):4.001535139479347
                                                                          Encrypted:false
                                                                          SSDEEP:49152:LgPY2N/MR+DgVFIlq6hhN7X4VrgKk+lzlVSa4YVxeUOolPKRayAH09bnwBXQ0a/Z:i
                                                                          MD5:7F4CBC7E09250B5D99FB95AE1BE8E67D
                                                                          SHA1:689B2E06B3B98270B156048A8620DE7213C07A4F
                                                                          SHA-256:DE95A59EAF1374E5D39D2E4D4BD06B6C81B19BB9AAF175580F595106639C3F74
                                                                          SHA-512:0F8B8F190F656E208F6D5050909ED1A4BEB6D7C27EDD1AE77CFEB19F753A135CB8DAF93ED4139FEF27B53F83EA87B8B243465B15303DDBF1CE280EDAA700AFE6
                                                                          Malicious:false
                                                                          Preview:.........{ .*..{.....{. ...{aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlMVbIll/:Ls3MVE//
                                                                          MD5:4F81EB2667DC398A6F01241393F1801C
                                                                          SHA1:97929D7C18583810DFE8113DA07E7271D4A1B758
                                                                          SHA-256:E1E7CEDA31C77CDB5B35AFDC7AC59470B95D09361789EC237AE28B53A8EA07C4
                                                                          SHA-512:924CAE0E96D5BAF23EB79FCBC91E9B9A6544E7262E9B47FC8CC21E80F069FCC38311711F648C6026246E18B0D2B29BBEF07642E61C1AA6ADE45D9FAE677004BE
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):47
                                                                          Entropy (8bit):4.3818353308528755
                                                                          Encrypted:false
                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                          Malicious:false
                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):35
                                                                          Entropy (8bit):4.014438730983427
                                                                          Encrypted:false
                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                          Malicious:false
                                                                          Preview:{"forceServiceDetermination":false}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):29
                                                                          Entropy (8bit):3.922828737239167
                                                                          Encrypted:false
                                                                          SSDEEP:3:2NGw+K+:fwZ+
                                                                          MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                          Malicious:false
                                                                          Preview:customSynchronousLookupUris_0
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35302
                                                                          Entropy (8bit):7.99333285466604
                                                                          Encrypted:true
                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):18
                                                                          Entropy (8bit):3.5724312513221195
                                                                          Encrypted:false
                                                                          SSDEEP:3:kDnaV6bVon:kDYa2
                                                                          MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                          Malicious:false
                                                                          Preview:edgeSettings_2.0-0
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3581
                                                                          Entropy (8bit):4.459693941095613
                                                                          Encrypted:false
                                                                          SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                          MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                          Malicious:false
                                                                          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):47
                                                                          Entropy (8bit):4.493433469104717
                                                                          Encrypted:false
                                                                          SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                          MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                          Malicious:false
                                                                          Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35302
                                                                          Entropy (8bit):7.99333285466604
                                                                          Encrypted:true
                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):50
                                                                          Entropy (8bit):3.9904355005135823
                                                                          Encrypted:false
                                                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                          Malicious:false
                                                                          Preview:topTraffic_170540185939602997400506234197983529371
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):575056
                                                                          Entropy (8bit):7.999649474060713
                                                                          Encrypted:true
                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):86
                                                                          Entropy (8bit):4.389669793590032
                                                                          Encrypted:false
                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                          MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                          SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                          SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                          SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                          Malicious:false
                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):22925
                                                                          Entropy (8bit):6.046372548150572
                                                                          Encrypted:false
                                                                          SSDEEP:384:VtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh8LWS87fmESDTx5JkjrKyqOH:/MGQ7FCYXGIgtDAWtJ4n1Kc7fmES3xXY
                                                                          MD5:9D7BECAB50A49A4000DF8FFC0F37C242
                                                                          SHA1:39E6A3B3EF9FD30A27B322AB5B93A969F7ABB484
                                                                          SHA-256:790F9087B3C6BB7A19C377D728446C3B64BFA588AE159746268259155939FFA6
                                                                          SHA-512:3F84537F11BF7E29FFDCEFDD9F7CA5C8DBD3B3CF99F5A30C60F3B93A90AED21480CBCB9C7FAC86FE11E6D2688AB348E50E23700665D987D2C6690333EBDD7F4C
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370009826058575","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25053
                                                                          Entropy (8bit):6.030872529924484
                                                                          Encrypted:false
                                                                          SSDEEP:768:/MGQ7FCYXGIgtDAWtJ4C1Kc50SWOfmES3xXNC:/MGQ5XMBV1fMXNC
                                                                          MD5:AF0BEC1EAE940FBB327B9FB77E04679E
                                                                          SHA1:8A13AC01B5D54F2563F37C4ABA1BFF25EB9AF7A9
                                                                          SHA-256:60F9079A2940F36253845BD0B4925CB5DB4B3AF666BF811F5271E8C525F9F512
                                                                          SHA-512:3476C3C15F05B18D5FD10884E633AEBFF40D06A5EBE344EA1AAE80448F1C30824018EF8C45B55517979E3FD710DA666705912AB569E12410037267F5182AC1C5
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370009826058575","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.792351987616029
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfjdWF5ih/cI9URLl8RotoVMFVvlwh4e4IbONIeTC6XQS0qGqk+Z4uj+rjEy:ak7dWaeiRUahY6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:7E00A0C8C1668DCEC0C749C9B9C34380
                                                                          SHA1:3C2B8F293F8E23FAC335EC5B822AB5001AAD5056
                                                                          SHA-256:4CE37CFE9D45B41ED433B1B7A9F563D7229681E6ABAE0B7B14AA5DE908D0D3F1
                                                                          SHA-512:51FEDB7FC5F5E615A301CBF06C68D9A54D616DE59C8A169058879BDD5F4D0AD3400670448F5D1CC939D479FC04DC47D9F3A8F4E3723123A4430A5BCDB54F040F
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA/BEMPLZlcQpwd80HAdvanEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADfF1P8TnT44BqTT3ze7oC3nyHhj06krPNjFrOs29RsMwAAAAA
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8321
                                                                          Entropy (8bit):5.787339746719722
                                                                          Encrypted:false
                                                                          SSDEEP:192:fsNw7dWZeiRUYnjEkmJ6qRAq1k8SPxVLZ7VTiQ:fsNwxW5RjfmJ6q3QxVNZTiQ
                                                                          MD5:8B6204C181214FFD66790BF31691372D
                                                                          SHA1:F57830DAAF2950DC24FA0509D0E1AD9248D3C014
                                                                          SHA-256:B85179D58770A8007EBEB178C6099D15BC15E6AF7CDE959E141543046F165BAA
                                                                          SHA-512:37F28B3BEBB607891D5D974047A3DFDFA267C5011AFC282AA602973AC4FC2531FBEEDAF32A11ECD25AF80021B666C5CA77434E54E82185216F840FFCCCB8BA5F
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25104
                                                                          Entropy (8bit):6.030058178537153
                                                                          Encrypted:false
                                                                          SSDEEP:768:/MGQ7FCYXGIgtDAWtJ4CkKc50SW4fmES3xXNC:/MGQ5XMBVkFMXNC
                                                                          MD5:21109865A70A135E95CFF670FA894839
                                                                          SHA1:60B00C6EE0926DF2CB6563CBF32B7F6A42E65B4C
                                                                          SHA-256:6E06871DC3AC5CBE06DD38EAEE69B817B7F300F4674247907A916281EB238B59
                                                                          SHA-512:A0DFD923A17293DEFC8712D2FFD498E61309E53715DEB04882865DA8A896ADD8DDA436D489C3F9E43C4C59D547C6FEF5A90C34E062C86682D2B05B6065F1E12B
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370009826058575","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25053
                                                                          Entropy (8bit):6.030864648909182
                                                                          Encrypted:false
                                                                          SSDEEP:768:/MGQ7FCYXGIgtDAWtJ4C1Kc50SW4fmES3xXNC:/MGQ5XMBV1FMXNC
                                                                          MD5:654A9536A91E8E07B92F43D90AC4B6A9
                                                                          SHA1:885F4166CF86D2BCFA42A45205DAF604351855C7
                                                                          SHA-256:B72E91403074ABC0E5CF4C8600DE842CBA53BDB0FFE50BD86B154584223865E9
                                                                          SHA-512:6F9FCFC7F6B458C873CE5BE67A4E3771A4DC8A3B4EF12A6F2FD4F69C6B243586C21966A8C3A3171C11FE320884308836A833F1D1F8C047AB6E9880D8A5932D0E
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13370009826058575","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8090
                                                                          Entropy (8bit):5.810572475017076
                                                                          Encrypted:false
                                                                          SSDEEP:192:asNA7dWZeiRU9SQ5kmp6qRAq1k8SPxVLZ7VTiq:asNAxW5sLKmp6q3QxVNZTiq
                                                                          MD5:1430102A8C526F8EEF62EB3343FB9707
                                                                          SHA1:7A0C6EA35FFE1729D0B71B14B0946C79802B3EF5
                                                                          SHA-256:7A335EE60AC715E83EB22FD01BA6B64B7E353B9C23679483A0EDF40F6348B869
                                                                          SHA-512:F3C35910D7988C3037F9D0DD2F97884A43E16618BF63ABB5213A0A4256F80D966A7CD33898EDAFC3C864184D2140C644D115C96F2989C27EF3CB9EE4C87DCBE8
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):2278
                                                                          Entropy (8bit):3.8513768082309645
                                                                          Encrypted:false
                                                                          SSDEEP:48:uiTrlKxrgxExl9Il8ufbmMttIDIUDlKswSsNbYhd1rc:mJYpbVyDIUDvLsNcC
                                                                          MD5:EF376704BC08C66440070AFDF8444339
                                                                          SHA1:5524C5A343536A7A52691CFE041C489207C8F9AD
                                                                          SHA-256:DE39BFF4628C632F27263DBD19FFE7D1F92D7EB8104DF932A5B594DDBB5B9478
                                                                          SHA-512:B366945051D19724466DD91765E789295083F5D052D91D63D4F3F3DD35F2AE44572A9E8B06B66FC8AE0098825C69AAEDFC5907C586F7A7A5640389F5DB30843D
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.A.j.H.U.p.D./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.w.R.D.D.y.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4622
                                                                          Entropy (8bit):4.005509178895171
                                                                          Encrypted:false
                                                                          SSDEEP:48:uiTrlKxExixD9Il8uf7Fw7LIIclwpilauaq2WCfYF928fBUwMshIo4Uw4Hy5UKUq:gYp4LIvlaDAj2kwUwW9/Ee6NsfIOoWBA
                                                                          MD5:C3F587278F4AA83BD9BC20E371FCC2A2
                                                                          SHA1:8DCF9B6EE364935C730806F519B6A905623CA361
                                                                          SHA-256:40572886F94DFDD1356C258D3BE97A918476A34EF2267165777A41CC2FF28A3E
                                                                          SHA-512:62751F6331B20E6EF3F2217FD9293420986AE4A00B62665304EF8CE6071359D771BD84AFC541F136AF10A0EF5310A2554BBE7FC308E0A02E8896DA838A6F41C0
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".x.p.y.2.O.I.j./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.w.R.D.D.y.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                          Category:dropped
                                                                          Size (bytes):76319
                                                                          Entropy (8bit):7.996132588300074
                                                                          Encrypted:true
                                                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                          MD5:24439F0E82F6A60E541FB2697F02043F
                                                                          SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                          SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                          SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 603003
                                                                          Category:dropped
                                                                          Size (bytes):530994
                                                                          Entropy (8bit):7.99805877933668
                                                                          Encrypted:true
                                                                          SSDEEP:12288:Ufv7zfAegwBbume1rysRVMf+xVmY6ChWH0cGDwmyu0bCD7gw:UrvvBbThsH2+xVmYbdAmx1T
                                                                          MD5:AB6CACBC64E0158384E5B25F945CEA50
                                                                          SHA1:CCC1843CB91FE6E4532C8BE2E6867D2854100B86
                                                                          SHA-256:7F9872434D5C997413A50E22791D5DB07CC29541985566AE6399A97DEDD650EB
                                                                          SHA-512:EBC0A31B1797856AA7FF28A7971F13BC1E03BA3092AE601333337865CD67BB4E09D6C9E01C2559A40C66A51E8EB009E1E61E1DF3C367418A24991CB811038C35
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                          Category:dropped
                                                                          Size (bytes):206855
                                                                          Entropy (8bit):7.983996634657522
                                                                          Encrypted:false
                                                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                          MD5:788DF0376CE061534448AA17288FEA95
                                                                          SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                          SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                          SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):353
                                                                          Entropy (8bit):5.3620915389836545
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEprHVduaWJPx56s/uprHV68Q+nqGQJjDrwv/uprHVX58fl2TL56s/C:YSxduP56s/Yx68P0Dkv/Yxyfl8L56s/C
                                                                          MD5:2F56917D8575F0425C46D115230DC337
                                                                          SHA1:C3778AFC414236874331538F348D7527F910DC33
                                                                          SHA-256:15351DFCF396402853755A166E6CAC9A25CEA0820C07DA4F221CD5DF611CA0E6
                                                                          SHA-512:ACC90E4516FF9219D7B5392769DF1572F782319F509199942225D19F79145EAAD2D0647AFDDEC34F1A502FCC0D2A258DB9A2CC56D9FD681005344178E599A544
                                                                          Malicious:false
                                                                          Preview:{"logTime": "0905/113712", "correlationVector":"k4Hp8jbn/jCuOW1p7+H1sC","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0905/113712", "correlationVector":"2031D55EB85E4BB9B5AB2A3CC62B9E16","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0905/113712", "correlationVector":"M8JDbJH3976bD9txO1gTgP","action":"EXTENSION_UPDATER", "result":""}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.4593089050301797
                                                                          Encrypted:false
                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                          Malicious:false
                                                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1753
                                                                          Entropy (8bit):5.8889033066924155
                                                                          Encrypted:false
                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                          Malicious:false
                                                                          Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):9815
                                                                          Entropy (8bit):6.1716321262973315
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                          Malicious:false
                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):10388
                                                                          Entropy (8bit):6.174387413738973
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                          Malicious:false
                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):962
                                                                          Entropy (8bit):5.698567446030411
                                                                          Encrypted:false
                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                          Malicious:false
                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):4982
                                                                          Entropy (8bit):7.929761711048726
                                                                          Encrypted:false
                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):908
                                                                          Entropy (8bit):4.512512697156616
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1285
                                                                          Entropy (8bit):4.702209356847184
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1244
                                                                          Entropy (8bit):4.5533961615623735
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.867640976960053
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3107
                                                                          Entropy (8bit):3.535189746470889
                                                                          Encrypted:false
                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1389
                                                                          Entropy (8bit):4.561317517930672
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1763
                                                                          Entropy (8bit):4.25392954144533
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):930
                                                                          Entropy (8bit):4.569672473374877
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):913
                                                                          Entropy (8bit):4.947221919047
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):806
                                                                          Entropy (8bit):4.815663786215102
                                                                          Encrypted:false
                                                                          SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                          MD5:A86407C6F20818972B80B9384ACFBBED
                                                                          SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                          SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                          SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):883
                                                                          Entropy (8bit):4.5096240460083905
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                          MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                          SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                          SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                          SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1031
                                                                          Entropy (8bit):4.621865814402898
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                          MD5:D116453277CC860D196887CEC6432FFE
                                                                          SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                          SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                          SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1613
                                                                          Entropy (8bit):4.618182455684241
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                          MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                          SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                          SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                          SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):851
                                                                          Entropy (8bit):4.4858053753176526
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):848
                                                                          Entropy (8bit):4.494568170878587
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1425
                                                                          Entropy (8bit):4.461560329690825
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                          Malicious:false
                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):961
                                                                          Entropy (8bit):4.537633413451255
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):959
                                                                          Entropy (8bit):4.570019855018913
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):968
                                                                          Entropy (8bit):4.633956349931516
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):838
                                                                          Entropy (8bit):4.4975520913636595
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1305
                                                                          Entropy (8bit):4.673517697192589
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):911
                                                                          Entropy (8bit):4.6294343834070935
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):939
                                                                          Entropy (8bit):4.451724169062555
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.622066056638277
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):972
                                                                          Entropy (8bit):4.621319511196614
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):990
                                                                          Entropy (8bit):4.497202347098541
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1658
                                                                          Entropy (8bit):4.294833932445159
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1672
                                                                          Entropy (8bit):4.314484457325167
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):935
                                                                          Entropy (8bit):4.6369398601609735
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1065
                                                                          Entropy (8bit):4.816501737523951
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2771
                                                                          Entropy (8bit):3.7629875118570055
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):858
                                                                          Entropy (8bit):4.474411340525479
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):954
                                                                          Entropy (8bit):4.631887382471946
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):899
                                                                          Entropy (8bit):4.474743599345443
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2230
                                                                          Entropy (8bit):3.8239097369647634
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1160
                                                                          Entropy (8bit):5.292894989863142
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3264
                                                                          Entropy (8bit):3.586016059431306
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3235
                                                                          Entropy (8bit):3.6081439490236464
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3122
                                                                          Entropy (8bit):3.891443295908904
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1880
                                                                          Entropy (8bit):4.295185867329351
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1042
                                                                          Entropy (8bit):5.3945675025513955
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2535
                                                                          Entropy (8bit):3.8479764584971368
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1028
                                                                          Entropy (8bit):4.797571191712988
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):994
                                                                          Entropy (8bit):4.700308832360794
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2091
                                                                          Entropy (8bit):4.358252286391144
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2778
                                                                          Entropy (8bit):3.595196082412897
                                                                          Encrypted:false
                                                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1719
                                                                          Entropy (8bit):4.287702203591075
                                                                          Encrypted:false
                                                                          SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                          MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                          SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                          SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                          SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):936
                                                                          Entropy (8bit):4.457879437756106
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3830
                                                                          Entropy (8bit):3.5483353063347587
                                                                          Encrypted:false
                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1898
                                                                          Entropy (8bit):4.187050294267571
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.513485418448461
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):878
                                                                          Entropy (8bit):4.4541485835627475
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2766
                                                                          Entropy (8bit):3.839730779948262
                                                                          Encrypted:false
                                                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):978
                                                                          Entropy (8bit):4.879137540019932
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                          MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                          SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                          SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                          SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):907
                                                                          Entropy (8bit):4.599411354657937
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.604761241355716
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):937
                                                                          Entropy (8bit):4.686555713975264
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                          MD5:BED8332AB788098D276B448EC2B33351
                                                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1337
                                                                          Entropy (8bit):4.69531415794894
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2846
                                                                          Entropy (8bit):3.7416822879702547
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):934
                                                                          Entropy (8bit):4.882122893545996
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):963
                                                                          Entropy (8bit):4.6041913416245
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1320
                                                                          Entropy (8bit):4.569671329405572
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):884
                                                                          Entropy (8bit):4.627108704340797
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):980
                                                                          Entropy (8bit):4.50673686618174
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1941
                                                                          Entropy (8bit):4.132139619026436
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1969
                                                                          Entropy (8bit):4.327258153043599
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1674
                                                                          Entropy (8bit):4.343724179386811
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1063
                                                                          Entropy (8bit):4.853399816115876
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1333
                                                                          Entropy (8bit):4.686760246306605
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1263
                                                                          Entropy (8bit):4.861856182762435
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1074
                                                                          Entropy (8bit):5.062722522759407
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):879
                                                                          Entropy (8bit):5.7905809868505544
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1205
                                                                          Entropy (8bit):4.50367724745418
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):843
                                                                          Entropy (8bit):5.76581227215314
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):912
                                                                          Entropy (8bit):4.65963951143349
                                                                          Encrypted:false
                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):11280
                                                                          Entropy (8bit):5.754230909218899
                                                                          Encrypted:false
                                                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                          MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                          SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                          SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                          SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                          Malicious:false
                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):854
                                                                          Entropy (8bit):4.284628987131403
                                                                          Encrypted:false
                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                          Malicious:false
                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2525
                                                                          Entropy (8bit):5.417689528134667
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                          MD5:10FF8E5B674311683D27CE1879384954
                                                                          SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                          SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                          SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                          Malicious:false
                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:HTML document, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):97
                                                                          Entropy (8bit):4.862433271815736
                                                                          Encrypted:false
                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                          Malicious:false
                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):95567
                                                                          Entropy (8bit):5.4016395763198135
                                                                          Encrypted:false
                                                                          SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                          MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                          SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                          SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                          SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                          Malicious:false
                                                                          Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):291
                                                                          Entropy (8bit):4.65176400421739
                                                                          Encrypted:false
                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                          Malicious:false
                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):103988
                                                                          Entropy (8bit):5.389407461078688
                                                                          Encrypted:false
                                                                          SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                          MD5:EA946F110850F17E637B15CF22B82837
                                                                          SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                          SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                          SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                          Malicious:false
                                                                          Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7..*.Kk?....]<.S(.....9}........$..6...:...9..b|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]..*..-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                          Category:dropped
                                                                          Size (bytes):453023
                                                                          Entropy (8bit):7.997718157581587
                                                                          Encrypted:true
                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                          MD5:85430BAED3398695717B0263807CF97C
                                                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                          Malicious:false
                                                                          Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):24
                                                                          Entropy (8bit):3.91829583405449
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                          Malicious:false
                                                                          Preview:{"schema":6,"addons":[]}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):24
                                                                          Entropy (8bit):3.91829583405449
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                          Malicious:false
                                                                          Preview:{"schema":6,"addons":[]}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                          Category:dropped
                                                                          Size (bytes):66
                                                                          Entropy (8bit):4.837595020998689
                                                                          Encrypted:false
                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                          Malicious:false
                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                          Category:dropped
                                                                          Size (bytes):66
                                                                          Entropy (8bit):4.837595020998689
                                                                          Encrypted:false
                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                          Malicious:false
                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):36830
                                                                          Entropy (8bit):5.185924656884556
                                                                          Encrypted:false
                                                                          SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                          MD5:5656BA69BD2966108A461AAE35F60226
                                                                          SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                          SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                          SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                          Malicious:false
                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021904
                                                                          Entropy (8bit):6.648417932394748
                                                                          Encrypted:false
                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):116
                                                                          Entropy (8bit):4.968220104601006
                                                                          Encrypted:false
                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                          Malicious:false
                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11292
                                                                          Entropy (8bit):5.530014602179309
                                                                          Encrypted:false
                                                                          SSDEEP:192:OnaRtZYbBp6ihj4qyaaXK6KqukfGNBw8rYSl:Zegq69zcwp0
                                                                          MD5:58582E4C71DC5ED290B6F86AEFD5019C
                                                                          SHA1:A8A81DAAA8D51B680ACDDEF02066C824E3E43F2B
                                                                          SHA-256:0F78A96E5A0DC2EF23CBBEFE1940CC1A8705A4A4FF57F95D513A5E54232ABE08
                                                                          SHA-512:1A82EA252D75621B9BD61F585E6AC54C3742F8A584D6A7430C586A0AB3A49B207D35CB7CE6C2DBBBAADCF82471A24AE45DBD0D39C3DC2B81E81134A4646580E2
                                                                          Malicious:false
                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725543133);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725543133);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):53
                                                                          Entropy (8bit):4.136624295551173
                                                                          Encrypted:false
                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                          MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                          SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                          SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                          SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                          Malicious:false
                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                          Category:dropped
                                                                          Size (bytes):271
                                                                          Entropy (8bit):5.477012105458363
                                                                          Encrypted:false
                                                                          SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3SIgCCDptVX3JNzdDdCQ:vLz2S+EWDDoWqC+bfPK34flxd9
                                                                          MD5:0A3DFB40B91BEF522A59377BFC7FCFE5
                                                                          SHA1:C748B16292B71A554D88D3AD288AE66F9212F686
                                                                          SHA-256:06225851DDF7EA6D7DF436C78103699DD5099D89E1AA49E1800A7ACABBCE5D0C
                                                                          SHA-512:AA32FB77729B36F10863AFC35AE793425F38FB7EF7ABD21F22889CAFB0873C5A07F222AD8902052B458953BE20B88C3D234C669AE7FCD7F879DE6EB1F473B16E
                                                                          Malicious:false
                                                                          Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725543121728,"startTim...#02603,"recentCrashes":0},"global":{},"cookies":[]}
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Entropy (8bit):6.579580855981751
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:file.exe
                                                                          File size:917'504 bytes
                                                                          MD5:f2347741815e534b4341f286ab1b3bbb
                                                                          SHA1:91a748fed388b7ece45f4baf2ca9ec74f5ea3b7b
                                                                          SHA256:f4c22832e8dc3d9cd5c3021b85a07a741f40cee7c451c38ebc66a1763491b275
                                                                          SHA512:590cdd062fcc4fc4a4436a6095a7907fe03f049734856a898398e57d0524e9cd1df5a6317d9e1fa281d9c66e5d8905fd6f9524e922fbd6c13fd3de148d1e370f
                                                                          SSDEEP:12288:RqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTOW:RqDEvCTbMWu7rQYlBQcBiT6rprG8av3
                                                                          TLSH:52159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                          Icon Hash:aaf3e3e3938382a0
                                                                          Entrypoint:0x420577
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x66D99140 [Thu Sep 5 11:08:48 2024 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:5
                                                                          OS Version Minor:1
                                                                          File Version Major:5
                                                                          File Version Minor:1
                                                                          Subsystem Version Major:5
                                                                          Subsystem Version Minor:1
                                                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                                                          Instruction
                                                                          call 00007EFE94DB2153h
                                                                          jmp 00007EFE94DB1A5Fh
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007EFE94DB1C3Dh
                                                                          mov dword ptr [esi], 0049FDF0h
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                                          mov dword ptr [ecx], 0049FDF0h
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007EFE94DB1C0Ah
                                                                          mov dword ptr [esi], 0049FE0Ch
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                                          mov dword ptr [ecx], 0049FE0Ch
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          and dword ptr [eax], 00000000h
                                                                          and dword ptr [eax+04h], 00000000h
                                                                          push eax
                                                                          mov eax, dword ptr [ebp+08h]
                                                                          add eax, 04h
                                                                          push eax
                                                                          call 00007EFE94DB47FDh
                                                                          pop ecx
                                                                          pop ecx
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          lea eax, dword ptr [ecx+04h]
                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                          push eax
                                                                          call 00007EFE94DB4848h
                                                                          pop ecx
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          push eax
                                                                          call 00007EFE94DB4831h
                                                                          test byte ptr [ebp+08h], 00000001h
                                                                          pop ecx
                                                                          Programming Language:
                                                                          • [ C ] VS2008 SP1 build 30729
                                                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | b209a904dbf3ad27812ddc1009ee2990 | False | 0.28106770833333333 | data | 5.161501453534332 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Sep 5, 2024 13:37:11.376990080 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.382848024 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.382891893 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.382900000 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.389225960 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.389276981 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.389285088 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.398441076 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.398502111 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.398513079 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.404834986 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.404887915 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.404896021 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.410039902 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.410155058 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.410164118 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.413815975 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.413880110 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.413887978 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.419501066 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.419578075 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.419584990 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.429132938 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.429179907 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.429188967 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.434112072 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.434161901 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.434179068 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.435841084 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.435890913 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.435898066 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.440983057 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.441045046 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.441054106 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.446769953 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.446852922 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.446861029 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.451738119 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.451807976 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.451816082 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.456306934 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.456373930 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.456382036 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.461947918 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.462198973 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.462208033 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.465961933 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.466022015 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.466029882 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.469490051 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.469690084 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.469702959 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.471072912 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.471121073 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.471127033 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.473664045 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.474278927 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.474287033 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.479399920 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.479950905 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.479959965 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.480649948 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.480792999 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.480799913 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.483931065 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.484038115 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.484045029 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.487543106 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.487592936 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.487600088 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.491096973 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.491238117 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.491245985 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.494384050 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.494446993 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.494455099 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.497747898 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.497824907 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.497833014 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.501492023 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.501594067 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.501605034 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.504774094 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.504821062 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.504827976 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.508398056 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.508501053 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.508508921 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.512300968 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.512341976 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.512350082 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.514961004 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.515081882 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.515088081 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.518893003 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.518937111 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.518944025 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.521686077 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.521740913 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.521750927 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.525016069 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.525094986 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.525103092 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.529058933 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.529109001 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.529115915 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.535697937 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.535747051 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.535757065 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.548943996 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.548974037 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.549009085 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.549016953 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.549057961 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.553946018 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.554231882 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:11.554280043 CEST44349743142.250.185.161192.168.2.4
                                                                          Sep 5, 2024 13:37:11.554330111 CEST49743443192.168.2.4142.250.185.161
                                                                          Sep 5, 2024 13:37:12.389142036 CEST49755443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.389169931 CEST4434975535.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:12.389338970 CEST49755443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.394992113 CEST49755443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.395004988 CEST4434975535.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:12.714150906 CEST49756443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.714180946 CEST4434975613.107.246.45192.168.2.4
                                                                          Sep 5, 2024 13:37:12.723273039 CEST49756443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.723469019 CEST49756443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.723481894 CEST4434975613.107.246.45192.168.2.4
                                                                          Sep 5, 2024 13:37:12.761471033 CEST49757443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:12.761498928 CEST44349757162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:12.761720896 CEST49758443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:12.761750937 CEST44349758172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:12.761953115 CEST49757443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:12.762207985 CEST49758443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:12.762507915 CEST49758443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:12.762516975 CEST44349758172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:12.762605906 CEST49757443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:12.762619972 CEST44349757162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:12.846714973 CEST49759443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.846744061 CEST4434975913.107.246.45192.168.2.4
                                                                          Sep 5, 2024 13:37:12.847155094 CEST49760443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.847181082 CEST4434976013.107.246.45192.168.2.4
                                                                          Sep 5, 2024 13:37:12.851391077 CEST49759443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.851402998 CEST49760443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.851690054 CEST49760443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.851701975 CEST4434976013.107.246.45192.168.2.4
                                                                          Sep 5, 2024 13:37:12.851825953 CEST49759443192.168.2.413.107.246.45
                                                                          Sep 5, 2024 13:37:12.851839066 CEST4434975913.107.246.45192.168.2.4
                                                                          Sep 5, 2024 13:37:12.855948925 CEST49761443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:12.855961084 CEST44349761162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:12.856065035 CEST49761443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:12.856543064 CEST49761443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:12.856554985 CEST44349761162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:12.862250090 CEST4434975535.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:12.862377882 CEST49755443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.911935091 CEST49755443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.911947966 CEST4434975535.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:12.912115097 CEST4434975535.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:12.912131071 CEST49755443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.912136078 CEST4434975535.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:12.912518024 CEST49762443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.912554979 CEST4434976235.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:12.915486097 CEST49762443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.915488005 CEST49755443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.916989088 CEST49762443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:12.917005062 CEST4434976235.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:13.411181927 CEST4434976235.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:13.414017916 CEST44349758172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.414551020 CEST44349757162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.415441036 CEST44349761162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.417701006 CEST49762443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:13.421955109 CEST49762443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:13.421973944 CEST4434976235.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:13.422056913 CEST49762443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:13.422144890 CEST4434976235.190.72.216192.168.2.4
                                                                          Sep 5, 2024 13:37:13.422370911 CEST49762443192.168.2.435.190.72.216
                                                                          Sep 5, 2024 13:37:13.424917936 CEST49757443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:13.424942970 CEST44349757162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.425036907 CEST49758443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:13.425046921 CEST44349758172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.425117016 CEST49761443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:13.425132036 CEST44349761162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.426054001 CEST44349758172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.426059008 CEST44349757162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.426278114 CEST44349761162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.436618090 CEST49758443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:13.436623096 CEST49761443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:13.436624050 CEST49757443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:13.441684008 CEST49758443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:13.441747904 CEST44349758172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.442490101 CEST49761443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:13.442555904 CEST44349761162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.442775011 CEST49757443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:13.442842007 CEST44349757162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:13.442922115 CEST49758443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.286252975 CEST49769443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.286397934 CEST49770443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.296408892 CEST804977134.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:15.301244020 CEST4977180192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:15.316257954 CEST4977180192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:15.427110910 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.427151918 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.443587065 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.463355064 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.463376045 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.463922977 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.463942051 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.464093924 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.464406967 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.464421034 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.491851091 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.493005037 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.493446112 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.500693083 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.500705004 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.500799894 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.500823975 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.500895977 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.500917912 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.501804113 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.501813889 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.501964092 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.502007961 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.506314993 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.512512922 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.512542963 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.516500950 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.516797066 CEST49772443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.516808033 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.517107010 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.517177105 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.517182112 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.517260075 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.520503998 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.521034956 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.527540922 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.527550936 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.527568102 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.533684969 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.533700943 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.534003019 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.534084082 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.534122944 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.534199953 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.534245014 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.534286022 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.534693003 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.534770966 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.535228014 CEST49773443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.535238981 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.535454988 CEST49772443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.535521030 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.535556078 CEST49772443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.535584927 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.538837910 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.539231062 CEST49773443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.539318085 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.539702892 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.539772987 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.539839983 CEST49773443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.539884090 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.560506105 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.580507040 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.580507994 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.580507994 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.580517054 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.580519915 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.591854095 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:15.595774889 CEST49778443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:15.595833063 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.595846891 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.595880032 CEST49773443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.595896006 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.595907927 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.614135981 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.614356041 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.618588924 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.630944014 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.631388903 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.631475925 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.632210016 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.635718107 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.635988951 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.638675928 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.638693094 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.639121056 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.640726089 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.640794992 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.640827894 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.640827894 CEST49772443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.641273975 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.641307116 CEST49773443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.655767918 CEST49773443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.655769110 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.672812939 CEST49778443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:15.672833920 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:15.673069954 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:15.884505987 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:15.894283056 CEST49778443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:15.919948101 CEST49778443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:15.928003073 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.931257010 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.931885004 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.931905985 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.932301044 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.932311058 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.932559967 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.933001995 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.933478117 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.933491945 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.933572054 CEST49777443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.933588982 CEST4434977713.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.933851957 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.933911085 CEST49781443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.933934927 CEST4434978113.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.934185028 CEST49776443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.934192896 CEST4434977613.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.934401989 CEST49773443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.934415102 CEST4434977313.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.934570074 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.935997009 CEST49772443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.936013937 CEST4434977213.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.936434031 CEST49775443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.936439991 CEST4434977513.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.936575890 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.936616898 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.936618090 CEST49781443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.936625004 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.937572002 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.940802097 CEST49781443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.940817118 CEST4434978113.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.940933943 CEST49774443192.168.2.413.107.246.40
                                                                          Sep 5, 2024 13:37:15.940943003 CEST4434977413.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:15.947180033 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.947248936 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.947470903 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.947963953 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.948033094 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.948164940 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.964510918 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:15.992499113 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.992503881 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:15.999845982 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:15.999855042 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.029634953 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.029654980 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.029942036 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.030256987 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.030268908 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.055243015 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.055982113 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.059088945 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.059191942 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.059916019 CEST49779443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.059926033 CEST44349779142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.060798883 CEST49780443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.060810089 CEST44349780142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.106065989 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:16.106231928 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:16.106313944 CEST49778443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:16.106540918 CEST49778443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:16.106549025 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:16.106561899 CEST49778443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:16.106566906 CEST44349778184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:16.145698071 CEST49783443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:16.145720959 CEST44349783184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:16.145868063 CEST49783443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:16.146193027 CEST49783443192.168.2.4184.28.90.27
                                                                          Sep 5, 2024 13:37:16.146203041 CEST44349783184.28.90.27192.168.2.4
                                                                          Sep 5, 2024 13:37:16.378412008 CEST49784443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.378431082 CEST44349784142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.378582954 CEST49785443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.378602982 CEST44349785142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.378645897 CEST49784443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.379026890 CEST49784443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.379040003 CEST44349784142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.379249096 CEST49785443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.379462957 CEST49785443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.379478931 CEST44349785142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.513632059 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.519785881 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.519799948 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.521018028 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.521096945 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.522237062 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.522306919 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.522438049 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.564507961 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.582098961 CEST49782443192.168.2.4142.251.35.164
                                                                          Sep 5, 2024 13:37:16.582108021 CEST44349782142.251.35.164192.168.2.4
                                                                          Sep 5, 2024 13:37:16.583862066 CEST4434978113.107.246.40192.168.2.4
                                                                          Sep 5, 2024 13:37:42.684317112 CEST49805443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:42.684417009 CEST49805443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:42.684427977 CEST4434980535.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:42.684514046 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:42.684596062 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:42.684607029 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:42.777616978 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:42.778233051 CEST4980380192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:42.781101942 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:42.786091089 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:42.786173105 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:42.786344051 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:42.791416883 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:42.806919098 CEST804980334.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:42.806967020 CEST4980380192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:42.834731102 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:43.135680914 CEST4434980535.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.139076948 CEST49805443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.141783953 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.142374039 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.142426968 CEST49805443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.142437935 CEST4434980535.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.142669916 CEST4434980535.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.145035028 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.145040035 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.145276070 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.147458076 CEST4434980435.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.148228884 CEST49805443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.148232937 CEST49804443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.148324966 CEST49805443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.148392916 CEST4434980535.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.150401115 CEST49805443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.150994062 CEST49804443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.151000023 CEST4434980435.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.151041985 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.151175022 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.151196003 CEST4434980435.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.151319981 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.151328087 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.154557943 CEST49804443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.154637098 CEST49804443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.154683113 CEST4434980435.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.155432940 CEST49804443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.157536030 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:43.162338972 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:43.241410971 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:43.255903006 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:43.261838913 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:43.266663074 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:43.300648928 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:43.356501102 CEST4434980635.244.181.201192.168.2.4
                                                                          Sep 5, 2024 13:37:43.358340025 CEST49806443192.168.2.435.244.181.201
                                                                          Sep 5, 2024 13:37:43.360770941 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:43.406565905 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:45.296822071 CEST44349794162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:45.296889067 CEST44349794162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:45.296953917 CEST49794443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:45.317456961 CEST44349795162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:45.317523003 CEST44349795162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:45.317612886 CEST49795443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:53.282342911 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:53.290437937 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:37:53.370997906 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:37:53.375719070 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:00.535501957 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:00.535527945 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:00.535605907 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:00.536003113 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:00.536016941 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.138972998 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.139092922 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.142895937 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.142901897 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.143100977 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.151432037 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.192506075 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.348084927 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.348109961 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.348124027 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.348370075 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.348378897 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.349256992 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.349291086 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.349329948 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.351042032 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.351115942 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.353619099 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.353627920 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.353652954 CEST49809443192.168.2.420.12.23.50
                                                                          Sep 5, 2024 13:38:01.353658915 CEST4434980920.12.23.50192.168.2.4
                                                                          Sep 5, 2024 13:38:01.910759926 CEST49784443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:38:01.910773993 CEST44349784142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:38:01.995455980 CEST49785443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:38:01.995469093 CEST44349785142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:38:03.300967932 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:03.310713053 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:03.385529995 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:03.390399933 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:06.675955057 CEST49794443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:38:06.675992966 CEST44349794162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:38:06.676012039 CEST49795443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:38:06.676039934 CEST44349795162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:38:09.803471088 CEST49769443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:09.803471088 CEST49770443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:09.803488016 CEST44349769172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:09.803498030 CEST44349770172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.514646053 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:10.514683008 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:10.514790058 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:10.514976978 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:10.514990091 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:10.976912022 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:10.977441072 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:10.977464914 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:10.977802038 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:10.978118896 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:10.978184938 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:10.978269100 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:11.020977974 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:11.020991087 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:11.115514994 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:11.115573883 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:11.115639925 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:11.115885973 CEST49811443192.168.2.423.200.0.9
                                                                          Sep 5, 2024 13:38:11.115899086 CEST4434981123.200.0.9192.168.2.4
                                                                          Sep 5, 2024 13:38:13.039077997 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.039115906 CEST4434981234.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.039319038 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.039357901 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.039443970 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.039450884 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.042424917 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.042478085 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.042478085 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.042701960 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.042714119 CEST4434981234.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.042895079 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.042907953 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.042979002 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.042987108 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.312201977 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:13.317158937 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:13.396886110 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:13.401772022 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:13.500751972 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.500772953 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.501097918 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.504086971 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.504503965 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.504513025 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.504745960 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.507203102 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.507208109 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.508577108 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.510308981 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.510431051 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.510468960 CEST4434981334.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.510653019 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.510724068 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.510868073 CEST4434981434.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.510982037 CEST49813443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.511001110 CEST49814443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.514678001 CEST4434981234.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.515976906 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.640930891 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.640963078 CEST4434981234.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.641267061 CEST4434981234.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.645678043 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.645821095 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.645936012 CEST4434981234.120.208.123192.168.2.4
                                                                          Sep 5, 2024 13:38:13.646716118 CEST49812443192.168.2.434.120.208.123
                                                                          Sep 5, 2024 13:38:13.647835016 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:13.652709961 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:13.660085917 CEST4972480192.168.2.4199.232.214.172
                                                                          Sep 5, 2024 13:38:13.669641972 CEST8049724199.232.214.172192.168.2.4
                                                                          Sep 5, 2024 13:38:13.669701099 CEST4972480192.168.2.4199.232.214.172
                                                                          Sep 5, 2024 13:38:13.746223927 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:13.749025106 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:13.753911972 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:13.798038006 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:13.845334053 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:13.898329020 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:23.761099100 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:23.765990973 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:23.853455067 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:23.858489037 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:33.780911922 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:33.785931110 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:33.862824917 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:33.867798090 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:43.797677040 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:43.803463936 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:43.877497911 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:43.882426977 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:46.925112963 CEST49784443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:38:46.925132990 CEST44349784142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:38:47.009754896 CEST49785443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:38:47.009769917 CEST44349785142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:38:53.813698053 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:53.818553925 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:38:53.891772985 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:38:53.896593094 CEST804980734.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:39:03.819638014 CEST4980280192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:39:03.824460983 CEST804980234.107.221.82192.168.2.4
                                                                          Sep 5, 2024 13:39:03.904388905 CEST4980780192.168.2.434.107.221.82
                                                                          Sep 5, 2024 13:39:03.909252882 CEST804980734.107.221.82192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                          Sep 5, 2024 13:37:12.748028040 CEST53551241.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:12.844201088 CEST5478453192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:12.844408989 CEST6131753192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:12.851295948 CEST53547841.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:12.851584911 CEST53613171.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:14.065653086 CEST5618753192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:14.078351021 CEST6190753192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:14.086922884 CEST53619071.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:14.090342999 CEST6311253192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:14.098999977 CEST53631121.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:14.256444931 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.559561968 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.581757069 CEST6246853192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:14.589102983 CEST53624681.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:14.590488911 CEST6377353192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:14.597981930 CEST53637731.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:14.599709034 CEST5939453192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:14.734935999 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.734962940 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.734975100 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.735037088 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.735048056 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.745817900 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.747740984 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.747844934 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.749249935 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.749399900 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.817203999 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.817399025 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.841891050 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.842034101 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.842045069 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.842055082 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.844135046 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.845928907 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.846519947 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.854207993 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.854357958 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.854552031 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.912096977 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.913263083 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.913382053 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:14.914387941 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:14.948314905 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:15.075400114 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.278043985 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.278258085 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.374007940 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:15.377559900 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:15.378222942 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:15.425095081 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.932889938 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:15.933115005 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:16.028002024 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:16.028445959 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:16.028728962 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:16.028980970 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:16.063782930 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.378010035 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.515811920 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.515954018 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.520179033 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.522402048 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.522416115 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.522427082 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.522638083 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.532464981 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.532908916 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.533968925 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.534082890 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.534497023 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.534509897 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.549410105 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.633400917 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.633877039 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.633888960 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.634114981 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.647967100 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.648294926 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.648355961 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.648700953 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.650511980 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.661957026 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.662365913 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:16.663834095 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.689237118 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:16.763592005 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:17.653259039 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:17.653512955 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:17.748209953 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:17.748888969 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:17.749279022 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:17.752752066 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:24.496233940 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:24.496295929 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:24.594822884 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:24.625879049 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:24.626003027 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:24.628361940 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:24.676625967 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:24.709264040 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:24.794759989 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:24.795003891 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:25.275105000 CEST138138192.168.2.4192.168.2.255
                                                                          Sep 5, 2024 13:37:28.812303066 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:28.812438965 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:28.976984978 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:28.976999998 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:28.977073908 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:28.977415085 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:28.978106976 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:29.928159952 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:29.928672075 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:29.929824114 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.023667097 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.024403095 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.024533033 CEST44362164172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.024847984 CEST62164443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:37:30.234807014 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.384057045 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.384104967 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.384130001 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.384144068 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.384160995 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.384660006 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.386559963 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.386672020 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.386919975 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.387039900 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.487596035 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.487714052 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.488117933 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.488136053 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.488163948 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.488285065 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.488862038 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.488883972 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.489129066 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:30.587821960 CEST44363996162.159.61.3192.168.2.4
                                                                          Sep 5, 2024 13:37:30.620237112 CEST63996443192.168.2.4162.159.61.3
                                                                          Sep 5, 2024 13:37:41.459594965 CEST6480253192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.466260910 CEST53648021.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:41.467292070 CEST5327453192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.469629049 CEST5082553192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.474450111 CEST53532741.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:41.475018024 CEST5011353192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.477159023 CEST53508251.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:41.478204966 CEST6085353192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.481996059 CEST53501131.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:41.486624956 CEST53608531.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:41.927978039 CEST6294453192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.935847044 CEST53629441.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:41.937500000 CEST5928153192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.949145079 CEST53592811.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:41.959450960 CEST5648653192.168.2.41.1.1.1
                                                                          Sep 5, 2024 13:37:41.966562033 CEST53564861.1.1.1192.168.2.4
                                                                          Sep 5, 2024 13:37:45.505930901 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:45.619283915 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:45.619400024 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:45.619847059 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:45.659002066 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:45.743161917 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:46.166461945 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:46.288113117 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:46.288155079 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:37:46.289136887 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:46.317703009 CEST52948443192.168.2.4142.251.40.174
                                                                          Sep 5, 2024 13:37:46.412543058 CEST44352948142.251.40.174192.168.2.4
                                                                          Sep 5, 2024 13:38:09.804300070 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:09.804457903 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:09.804688931 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:09.804780006 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.234386921 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.266340971 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.267118931 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.297533035 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.314810038 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.316553116 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.332427979 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.332494020 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.332506895 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.332515001 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.332737923 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.332839012 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.332839012 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.378793955 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.406085968 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.413238049 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.413455963 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.413672924 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.415091038 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.415803909 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.415937901 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.417021036 CEST50180443192.168.2.423.43.85.16
                                                                          Sep 5, 2024 13:38:10.430989981 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.469626904 CEST60926443192.168.2.4172.64.41.3
                                                                          Sep 5, 2024 13:38:10.512860060 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.513494968 CEST44360926172.64.41.3192.168.2.4
                                                                          Sep 5, 2024 13:38:10.513504028 CEST44360926172.64.41.3192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                          • clients2.googleusercontent.com
                                                                          • chrome.cloudflare-dns.com
                                                                          • edgeassetservice.azureedge.net
                                                                          • https:
                                                                            • www.google.com
                                                                          • fs.microsoft.com
                                                                          • www.googleapis.com
                                                                          • slscr.update.microsoft.com
                                                                          • msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                          • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49768 | 34.107.221.82 | 80 | 5840 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 13:37:14.087081909 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 5, 2024 13:37:14.540802956 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                          Age: 42724
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 5, 2024 13:37:24.561930895 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:37:34.570332050 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49771 | 34.107.221.82 | 80 | 5840 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 13:37:14.617793083 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 5, 2024 13:37:15.085566044 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                          Age: 11510
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 5, 2024 13:37:15.296408892 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                          Age: 11510
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 5, 2024 13:37:25.094533920 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:37:35.110579014 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49802 | 34.107.221.82 | 80 | 5840 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 13:37:41.962212086 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 5, 2024 13:37:42.427324057 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                          Age: 42752
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 5, 2024 13:37:42.679059982 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 5, 2024 13:37:42.777616978 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                          Age: 42752
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 5, 2024 13:37:43.157536030 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 5, 2024 13:37:43.255903006 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                          Age: 42753
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 5, 2024 13:37:53.282342911 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:03.300967932 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:13.312201977 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:13.647835016 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 5, 2024 13:38:13.746223927 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 23:45:10 GMT
                                                                          Age: 42783
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 5, 2024 13:38:23.761099100 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:33.780911922 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:43.797677040 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:53.813698053 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:39:03.819638014 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49803 | 34.107.221.82 | 80 | 5840 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 13:37:42.436820030 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49807 | 34.107.221.82 | 80 | 5840 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 13:37:42.786344051 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 5, 2024 13:37:43.241410971 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                          Age: 61557
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 5, 2024 13:37:43.261838913 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 5, 2024 13:37:43.360770941 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                          Age: 61557
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 5, 2024 13:37:53.370997906 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:03.385529995 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:13.396886110 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:13.749025106 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 5, 2024 13:38:13.845334053 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                          Age: 61587
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 5, 2024 13:38:23.853455067 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:33.862824917 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:43.877497911 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:38:53.891772985 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 13:39:03.904388905 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 142.250.185.161 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 11:37:11 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                          Host: clients2.googleusercontent.com
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 11:37:11 UTC | 566 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 135751
                                                                          X-GUploader-UploadID: AD-8ljtu1zJSQ3bHL5GAb9wOuCbd34RY1JORtYlgFjvfcHqyP2BQ8b0y-u3dusruu0DbhH1wtUI
                                                                          X-Goog-Hash: crc32c=IDdmTg==
                                                                          Server: UploadServer
                                                                          Date: Wed, 04 Sep 2024 19:26:09 GMT
                                                                          Expires: Thu, 04 Sep 2025 19:26:09 GMT
                                                                          Cache-Control: public, max-age=31536000
                                                                          Age: 58262
                                                                          Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                          ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                          Content-Type: application/x-chrome-extension
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.4 | 49758 | 172.64.41.3 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-05 11:37:13 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Thu, 05 Sep 2024 11:37:13 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8be5ed1369170f49-EWR
                                                                          alt-svc: h3=":443"; ma=86400


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.4 | 49761 | 162.159.61.3 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-05 11:37:13 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Thu, 05 Sep 2024 11:37:13 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8be5ed136d1a42cd-EWR
                                                                          alt-svc: h3=":443"; ma=86400


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.4 | 49757 | 162.159.61.3 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-05 11:37:13 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Thu, 05 Sep 2024 11:37:13 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8be5ed135e5f72b6-EWR
                                                                          alt-svc: h3=":443"; ma=86400


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.4 | 49760 | 13.107.246.45 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:13 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                          Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                          Sec-Mesh-Client-Edge-Channel: stable
                                                                          Sec-Mesh-Client-OS: Windows
                                                                          Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                          Sec-Mesh-Client-Arch: x86_64
                                                                          Sec-Mesh-Client-WebView: 0
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:13 UTC | 555 | IN | HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:13 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 70207
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                          ETag: 0x8DCB31E67C22927
                                                                          x-ms-request-id: 3afe9785-e01e-0066-3464-fbda5d000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113713Z-16579567576s4v5z9ks8mdk6fw0000000cag0000000068up
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.4 | 49759 | 13.107.246.45 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:13 UTC | 486 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: ArbitrationService
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:13 UTC | 559 | IN | HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:13 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 11989
                                                                          Connection: close
                                                                          Last-Modified: Wed, 04 Sep 2024 17:17:44 GMT
                                                                          ETag: 0x8DCCD057D8088C1
                                                                          x-ms-request-id: f7ce689d-701e-002c-4072-ffea3a000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113713Z-16579567576ztstdfgdnkw0mpw0000000cd000000000f7ay
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes
                                                                          2024-09-05 11:37:13 UTC11989INData Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45
                                                                          Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.2.4 | 49756 | 13.107.246.45 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:13 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: Shoreline
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:13 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:13 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 306698
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                          ETag: 0x8DBC9B5C40EBFF4
                                                                          x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113713Z-16579567576fh7f86y3uqsyhx00000000c4g00000000ezdp
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.2.4 | 49777 | 13.107.246.40 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:15 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:15 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:15 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1966
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                          ETag: 0x8DBDCB5EC122A94
                                                                          x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113715Z-165795675767jvm9z21nmtw4wn0000000c1g00000000dt1n
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes
                                                                          2024-09-05 11:37:15 UTC1966INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc
                                                                          Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNnt*w<T:A*-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.2.4 | 49775 | 13.107.246.40 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:15 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:15 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:15 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1751
                                                                          Connection: close
                                                                          Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                          ETag: 0x8DBCEA8D5AACC85
                                                                          x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113715Z-16579567576pg4fvvmc18u0v4g0000000ceg000000005bck
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes
                                                                          2024-09-05 11:37:15 UTC1751INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7
                                                                          Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.2.4 | 49774 | 13.107.246.40 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:15 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:15 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:15 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1427
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                          ETag: 0x8DBDCB5EF021F8E
                                                                          x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113715Z-16579567576txfkctmnqv2e9c40000000bz000000000cfpm
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          10          192.168.2.4  49772        13.107.246.40   443               7724  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-05 11:37:15 UTC  430                OUT        GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:15 UTC  543                IN         HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:15 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2008
                                                                          Connection: close
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                          ETag: 0x8DBC9B5C0C17219
                                                                          x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113715Z-16579567576mj4tcuw5tk3rrkw00000001n0000000004xuv
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          11          192.168.2.4  49773        13.107.246.40   443               7724  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-05 11:37:15 UTC  422                OUT        GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:15 UTC  515                IN         HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:15 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2229
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                          ETag: 0x8DBD59359A9E77B
                                                                          x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113715Z-16579567576pgh4h94c7qn0kuc0000000c8000000000d0a6
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          12          192.168.2.4  49776        13.107.246.40   443               7724  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-05 11:37:15 UTC  425                OUT        GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:15 UTC  543                IN         HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:15 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1154
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                          ETag: 0x8DBD5935D5B3965
                                                                          x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113715Z-16579567576mj4tcuw5tk3rrkw00000001n0000000004xuy
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          13          192.168.2.4  49778        184.28.90.27    443
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-05 11:37:15 UTC  161                OUT        HEAD /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-09-05 11:37:16 UTC  467                IN         HTTP/1.1 200 OK
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF67)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=104904
                                                                          Date: Thu, 05 Sep 2024 11:37:16 GMT
                                                                          Connection: close
                                                                          X-CID: 2


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          14          192.168.2.4  49780        142.251.40.174  443               7724  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-05 11:37:15 UTC  579                OUT        OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:16 UTC  520                IN         HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Thu, 05 Sep 2024 11:37:16 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          15          192.168.2.4  49779        142.251.40.174  443               7724  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-05 11:37:15 UTC  579                OUT        OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:16 UTC  520                IN         HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Thu, 05 Sep 2024 11:37:16 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          16          192.168.2.4  49782        142.251.35.164  443               7724  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-05 11:37:16 UTC  899                OUT        GET /favicon.ico HTTP/1.1
                                                                          Host: www.google.com
                                                                          Connection: keep-alive
                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                          sec-ch-ua-mobile: ?0
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          sec-ch-ua-arch: "x86"
                                                                          sec-ch-ua-full-version: "117.0.2045.47"
                                                                          sec-ch-ua-platform-version: "10.0.0"
                                                                          sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                          sec-ch-ua-bitness: "64"
                                                                          sec-ch-ua-model: ""
                                                                          sec-ch-ua-wow64: ?0
                                                                          sec-ch-ua-platform: "Windows"
                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: image
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:16 UTC  705                IN         HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                          Content-Length: 5430
                                                                          X-Content-Type-Options: nosniff
                                                                          Server: sffe
                                                                          X-XSS-Protection: 0
                                                                          Date: Thu, 05 Sep 2024 08:59:45 GMT
                                                                          Expires: Fri, 13 Sep 2024 08:59:45 GMT
                                                                          Cache-Control: public, max-age=691200
                                                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                          Content-Type: image/x-icon
                                                                          Vary: Accept-Encoding
                                                                          Age: 9451
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.2.4 | 49781 | 13.107.246.40 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:16 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:16 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Thu, 05 Sep 2024 11:37:16 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1468
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                          ETag: 0x8DBDCB5E23DFC43
                                                                          x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240905T113716Z-16579567576gnfmq2acf56mm700000000c70000000008bp0
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          18 | 192.168.2.4 | 49783 | 184.28.90.27 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:16 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                          Range: bytes=0-2147483646
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-09-05 11:37:17 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                          ApiVersion: Distribute 1.1
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF06)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=104958
                                                                          Date: Thu, 05 Sep 2024 11:37:16 GMT
                                                                          Content-Length: 55
                                                                          Connection: close
                                                                          X-CID: 2
                                                                          2024-09-05 11:37:17 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          19 | 192.168.2.4 | 49786 | 142.250.65.170 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:18 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                                          Host: www.googleapis.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 119
                                                                          Content-Type: application/json
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:18 UTC | 119 | OUT | Data Raw: 7b 22 68 61 73 68 22 3a 22 6a 68 4a 30 69 4d 75 75 4b 2f 57 58 51 49 38 6f 62 50 31 74 59 76 46 37 6d 54 4a 5a 6a 48 71 44 41 46 53 6d 2f 79 76 57 57 68 67 3d 22 2c 22 69 64 73 22 3a 5b 22 67 68 62 6d 6e 6e 6a 6f 6f 65 6b 70 6d 6f 65 63 6e 6e 6e 69 6c 6e 6e 62 64 6c 6f 6c 68 6b 68 69 22 5d 2c 22 70 72 6f 74 6f 63 6f 6c 5f 76 65 72 73 69 6f 6e 22 3a 31 7d
                                                                          Data Ascii: {"hash":"jhJ0iMuuK/WXQI8obP1tYvF7mTJZjHqDAFSm/yvWWhg=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                                          2024-09-05 11:37:18 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                          Content-Type: application/json; charset=UTF-8
                                                                          Vary: Origin
                                                                          Vary: X-Origin
                                                                          Vary: Referer
                                                                          Date: Thu, 05 Sep 2024 11:37:18 GMT
                                                                          Server: ESF
                                                                          Content-Length: 483
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          20 | 192.168.2.4 | 49787 | 20.12.23.50 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:22 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UPW3fbrBfWyooUr&MD=ulGS49tt HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-09-05 11:37:22 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                          MS-CorrelationId: 11684322-eea3-498d-a842-90acbee04af7
                                                                          MS-RequestId: ed28e0f8-e27e-458c-a467-e89fbb6ba91e
                                                                          MS-CV: 6ZMSRquI4Uq7GgCQ.0
                                                                          X-Microsoft-SLSClientCache: 2880
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Thu, 05 Sep 2024 11:37:22 GMT
                                                                          Connection: close
                                                                          Content-Length: 24490


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          21 | 192.168.2.4 | 49793 | 152.195.19.97 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:37:29 UTC | 618 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726141031&P2=404&P3=2&P4=JJiTaRIZzp9oYiJWGcgvBzXgMjOC5YHhMgd6ivASYyq2vYjATxBr8ZwUVhe5B%2fzSfob8HIGt%2be%2f14Dd329goQQ%3d%3d HTTP/1.1
                                                                          Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                          Connection: keep-alive
                                                                          MS-CV: M8JDbJH3976bD9txO1gTgP
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:37:29 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Age: 5462780
                                                                          Cache-Control: public, max-age=17280000
                                                                          Content-Type: application/x-chrome-extension
                                                                          Date: Thu, 05 Sep 2024 11:37:29 GMT
                                                                          Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                          Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                          MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                          MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                          MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                          Server: ECAcc (nyd/D11E)
                                                                          X-AspNet-Version: 4.0.30319
                                                                          X-AspNetMvc-Version: 5.3
                                                                          X-Cache: HIT
                                                                          X-CCC: US
                                                                          X-CID: 11
                                                                          X-Powered-By: ASP.NET
                                                                          X-Powered-By: ARR/3.0
                                                                          X-Powered-By: ASP.NET
                                                                          Content-Length: 11185
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          22 | 192.168.2.4 | 49809 | 20.12.23.50 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:38:01 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UPW3fbrBfWyooUr&MD=ulGS49tt HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-09-05 11:38:01 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                          MS-CorrelationId: 24e80305-e4c1-44a5-a8cf-de4427dedbdc
                                                                          MS-RequestId: c1537084-a781-4b08-84d6-f6d5282aec8a
                                                                          MS-CV: /1EZNkEmTkK7VhtY.0
                                                                          X-Microsoft-SLSClientCache: 1440
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Thu, 05 Sep 2024 11:38:00 GMT
                                                                          Connection: close
                                                                          Content-Length: 30005


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          23 | 192.168.2.4 | 49811 | 23.200.0.9 | 443 | 7724 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-05 11:38:10 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                          Host: bzib.nelreports.net
                                                                          Connection: keep-alive
                                                                          Origin: https://business.bing.com
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: content-type
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-05 11:38:11 UTC | 330 | IN | HTTP/1.1 429 Too Many Requests
                                                                          Content-Length: 0
                                                                          Date: Thu, 05 Sep 2024 11:38:11 GMT
                                                                          Connection: close
                                                                          PMUSER_FORMAT_QS:
                                                                          X-CDN-TraceId: 0.09ac2d17.1725536291.3c9c11
                                                                          Access-Control-Allow-Credentials: false
                                                                          Access-Control-Allow-Methods: *
                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                          Access-Control-Allow-Origin: *



                                                                          Target ID:0
                                                                          Start time:07:37:02
                                                                          Start date:05/09/2024
                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                          Imagebase:0x340000
                                                                          File size:917'504 bytes
                                                                          MD5 hash:F2347741815E534B4341F286AB1B3BBB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:1
                                                                          Start time:07:37:03
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:07:37:03
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:3
                                                                          Start time:07:37:03
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:5
                                                                          Start time:07:37:03
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:6
                                                                          Start time:07:37:03
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2020,i,5963254850939977183,9434905447902216501,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:7
                                                                          Start time:07:37:03
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:8
                                                                          Start time:07:37:05
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:9
                                                                          Start time:07:37:08
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6324 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:10
                                                                          Start time:07:37:08
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6428 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:13
                                                                          Start time:07:37:09
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2224 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f64e06-dea7-44d2-8a91-9f96d74627a4} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21760b6f710 socket
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:14
                                                                          Start time:07:37:11
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7032 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
                                                                          Imagebase:0x7ff7159a0000
                                                                          File size:1'255'976 bytes
                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:15
                                                                          Start time:07:37:11
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7032 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
                                                                          Imagebase:0x7ff7159a0000
                                                                          File size:1'255'976 bytes
                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:16
                                                                          Start time:07:37:13
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -parentBuildID 20230927232528 -prefsHandle 4100 -prefMapHandle 4140 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59078482-befa-4e67-8e41-69a7cdaffa12} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 21772b51310 rdd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                          Target ID:18
                                                                          Start time:07:37:23
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:19
                                                                          Start time:07:37:23
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2052,i,4244866620272648045,11370639625438014760,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:22
                                                                          Start time:07:37:31
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:23
                                                                          Start time:07:37:31
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2004,i,6266940162916777507,10081284063565068560,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:25
                                                                          Start time:07:38:05
                                                                          Start date:05/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6660 --field-trial-handle=2656,i,6167282930872724113,6617989984813803393,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false


                                                                            Execution Graph

                                                                            Execution Coverage:1.9%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:7.8%
                                                                            Total number of Nodes:1367
                                                                            Total number of Limit Nodes:39
94398->94559 94400 342edc 94399->94400 94511 34a81b 41 API calls 94400->94511 94403 342eec 94405 349cb3 22 API calls 94403->94405 94404 382d02 94560 343084 22 API calls 94404->94560 94407 342f12 94405->94407 94512 34a81b 41 API calls 94407->94512 94408 382d1e 94410 343a5a 24 API calls 94408->94410 94412 382d44 94410->94412 94411 342f21 94415 34a961 22 API calls 94411->94415 94561 343084 22 API calls 94412->94561 94414 382d50 94562 34a8c7 22 API calls __fread_nolock 94414->94562 94417 342f3f 94415->94417 94513 343084 22 API calls 94417->94513 94418 382d5e 94563 343084 22 API calls 94418->94563 94421 342f4b 94514 364a28 40 API calls 3 library calls 94421->94514 94422 382d6d 94564 34a8c7 22 API calls __fread_nolock 94422->94564 94424 342f59 94424->94398 94425 342f63 94424->94425 94515 364a28 40 API calls 3 library calls 94425->94515 94428 382d83 94565 343084 22 API calls 94428->94565 94429 342f6e 94429->94404 94431 342f78 94429->94431 94516 364a28 40 API calls 3 library calls 94431->94516 94432 382d90 94434 342f83 94434->94408 94435 342f8d 94434->94435 94517 364a28 40 API calls 3 library calls 94435->94517 94437 342f98 94438 342fdc 94437->94438 94518 343084 22 API calls 94437->94518 94438->94422 94439 342fe8 94438->94439 94439->94432 94521 3463eb 22 API calls 94439->94521 94441 342fbf 94519 34a8c7 22 API calls __fread_nolock 94441->94519 94443 342ff8 94522 346a50 22 API calls 94443->94522 94446 342fcd 94520 343084 22 API calls 94446->94520 94447 343006 94523 3470b0 23 API calls 94447->94523 94452 343021 94453 343065 94452->94453 94524 346f88 22 API calls 94452->94524 94525 3470b0 23 API calls 94452->94525 94526 343084 22 API calls 94452->94526 94456 35fe0b 22 API calls 94455->94456 94457 34a976 94456->94457 94458 35fddb 22 API calls 94457->94458 94459 342e4d 94458->94459 94460 344ae3 94459->94460 94461 344af0 __wsopen_s 94460->94461 94462 346b57 22 API calls 94461->94462 94463 344b22 94461->94463 94462->94463 94473 344b58 94463->94473 94566 344c6d 94463->94566 94465 
349cb3 22 API calls 94468 344c52 94465->94468 94466 344c5e 94466->94380 94467 349cb3 22 API calls 94467->94473 94469 34515f 22 API calls 94468->94469 94469->94466 94471 344c29 94471->94465 94471->94466 94472 344c6d 22 API calls 94472->94473 94473->94467 94473->94471 94473->94472 94569 34515f 94473->94569 94575 381f50 94474->94575 94477 349cb3 22 API calls 94478 343a8d 94477->94478 94577 343aa2 94478->94577 94480 343a97 94480->94382 94482 349cc2 _wcslen 94481->94482 94483 35fe0b 22 API calls 94482->94483 94484 349cea __fread_nolock 94483->94484 94485 35fddb 22 API calls 94484->94485 94486 342e8c 94485->94486 94487 344ecb 94486->94487 94597 344e90 LoadLibraryA 94487->94597 94492 344ef6 LoadLibraryExW 94605 344e59 LoadLibraryA 94492->94605 94493 383ccf 94494 344f39 68 API calls 94493->94494 94496 383cd6 94494->94496 94499 344e59 3 API calls 94496->94499 94501 383cde 94499->94501 94500 344f20 94500->94501 94502 344f2c 94500->94502 94627 3450f5 94501->94627 94503 344f39 68 API calls 94502->94503 94505 342ea5 94503->94505 94505->94387 94505->94388 94508 383d05 94509->94393 94510->94397 94511->94403 94512->94411 94513->94421 94514->94424 94515->94429 94516->94434 94517->94437 94518->94441 94519->94446 94520->94438 94521->94443 94522->94447 94523->94452 94524->94452 94525->94452 94526->94452 94528 3b2d15 94527->94528 94529 34511f 64 API calls 94528->94529 94530 3b2d29 94529->94530 94770 3b2e66 94530->94770 94533 3450f5 40 API calls 94534 3b2d56 94533->94534 94535 3450f5 40 API calls 94534->94535 94536 3b2d66 94535->94536 94537 3450f5 40 API calls 94536->94537 94538 3b2d81 94537->94538 94539 3450f5 40 API calls 94538->94539 94540 3b2d9c 94539->94540 94541 34511f 64 API calls 94540->94541 94542 3b2db3 94541->94542 94543 36ea0c ___std_exception_copy 21 API calls 94542->94543 94544 3b2dba 94543->94544 94545 36ea0c ___std_exception_copy 21 API calls 94544->94545 94546 3b2dc4 94545->94546 94547 3450f5 40 API calls 94546->94547 94548 3b2dd8 94547->94548 94549 3b28fe 27 API calls 
94548->94549 94550 3b2dee 94549->94550 94551 3b2d3f 94550->94551 94776 3b22ce 79 API calls 94550->94776 94551->94390 94554 344f43 94553->94554 94555 344f4a 94553->94555 94777 36e678 94554->94777 94557 344f59 94555->94557 94558 344f6a FreeLibrary 94555->94558 94557->94392 94558->94557 94559->94404 94560->94408 94561->94414 94562->94418 94563->94422 94564->94428 94565->94432 94567 34aec9 22 API calls 94566->94567 94568 344c78 94567->94568 94568->94463 94570 34516e 94569->94570 94574 34518f __fread_nolock 94569->94574 94572 35fe0b 22 API calls 94570->94572 94571 35fddb 22 API calls 94573 3451a2 94571->94573 94572->94574 94573->94473 94574->94571 94576 343a67 GetModuleFileNameW 94575->94576 94576->94477 94578 381f50 __wsopen_s 94577->94578 94579 343aaf GetFullPathNameW 94578->94579 94580 343ace 94579->94580 94581 343ae9 94579->94581 94582 346b57 22 API calls 94580->94582 94591 34a6c3 94581->94591 94584 343ada 94582->94584 94587 3437a0 94584->94587 94588 3437ae 94587->94588 94589 3493b2 22 API calls 94588->94589 94590 3437c2 94589->94590 94590->94480 94592 34a6dd 94591->94592 94596 34a6d0 94591->94596 94593 35fddb 22 API calls 94592->94593 94594 34a6e7 94593->94594 94595 35fe0b 22 API calls 94594->94595 94595->94596 94596->94584 94598 344ec6 94597->94598 94599 344ea8 GetProcAddress 94597->94599 94602 36e5eb 94598->94602 94600 344eb8 94599->94600 94600->94598 94601 344ebf FreeLibrary 94600->94601 94601->94598 94635 36e52a 94602->94635 94604 344eea 94604->94492 94604->94493 94606 344e8d 94605->94606 94607 344e6e GetProcAddress 94605->94607 94610 344f80 94606->94610 94608 344e7e 94607->94608 94608->94606 94609 344e86 FreeLibrary 94608->94609 94609->94606 94611 35fe0b 22 API calls 94610->94611 94612 344f95 94611->94612 94696 345722 94612->94696 94614 344fa1 __fread_nolock 94615 3450a5 94614->94615 94616 383d1d 94614->94616 94626 344fdc 94614->94626 94699 3442a2 CreateStreamOnHGlobal 94615->94699 94710 3b304d 74 API calls 94616->94710 94619 383d22 94621 34511f 64 API calls 
94619->94621 94620 3450f5 40 API calls 94620->94626 94622 383d45 94621->94622 94623 3450f5 40 API calls 94622->94623 94625 34506e messages 94623->94625 94625->94500 94626->94619 94626->94620 94626->94625 94705 34511f 94626->94705 94628 345107 94627->94628 94631 383d70 94627->94631 94732 36e8c4 94628->94732 94632 3b28fe 94753 3b274e 94632->94753 94634 3b2919 94634->94508 94637 36e536 ___DestructExceptionObject 94635->94637 94636 36e544 94660 36f2d9 20 API calls _abort 94636->94660 94637->94636 94639 36e574 94637->94639 94641 36e586 94639->94641 94642 36e579 94639->94642 94640 36e549 94661 3727ec 26 API calls _abort 94640->94661 94652 378061 94641->94652 94662 36f2d9 20 API calls _abort 94642->94662 94646 36e58f 94647 36e595 94646->94647 94648 36e5a2 94646->94648 94663 36f2d9 20 API calls _abort 94647->94663 94664 36e5d4 LeaveCriticalSection __fread_nolock 94648->94664 94651 36e554 __fread_nolock 94651->94604 94653 37806d ___DestructExceptionObject 94652->94653 94665 372f5e EnterCriticalSection 94653->94665 94655 37807b 94666 3780fb 94655->94666 94659 3780ac __fread_nolock 94659->94646 94660->94640 94661->94651 94662->94651 94663->94651 94664->94651 94665->94655 94673 37811e 94666->94673 94667 378088 94680 3780b7 94667->94680 94668 378177 94685 374c7d 20 API calls 2 library calls 94668->94685 94670 378180 94686 3729c8 94670->94686 94673->94667 94673->94668 94683 36918d EnterCriticalSection 94673->94683 94684 3691a1 LeaveCriticalSection 94673->94684 94674 378189 94674->94667 94692 373405 11 API calls 2 library calls 94674->94692 94676 3781a8 94693 36918d EnterCriticalSection 94676->94693 94679 3781bb 94679->94667 94695 372fa6 LeaveCriticalSection 94680->94695 94682 3780be 94682->94659 94683->94673 94684->94673 94685->94670 94687 3729d3 RtlFreeHeap 94686->94687 94688 3729fc __dosmaperr 94686->94688 94687->94688 94689 3729e8 94687->94689 94688->94674 94694 36f2d9 20 API calls _abort 94689->94694 94691 3729ee GetLastError 94691->94688 94692->94676 94693->94679 
94694->94691 94695->94682 94697 35fddb 22 API calls 94696->94697 94698 345734 94697->94698 94698->94614 94700 3442bc FindResourceExW 94699->94700 94704 3442d9 94699->94704 94701 3835ba LoadResource 94700->94701 94700->94704 94702 3835cf SizeofResource 94701->94702 94701->94704 94703 3835e3 LockResource 94702->94703 94702->94704 94703->94704 94704->94626 94706 383d90 94705->94706 94707 34512e 94705->94707 94711 36ece3 94707->94711 94710->94619 94714 36eaaa 94711->94714 94713 34513c 94713->94626 94717 36eab6 ___DestructExceptionObject 94714->94717 94715 36eac2 94727 36f2d9 20 API calls _abort 94715->94727 94717->94715 94718 36eae8 94717->94718 94729 36918d EnterCriticalSection 94718->94729 94719 36eac7 94728 3727ec 26 API calls _abort 94719->94728 94722 36eaf4 94730 36ec0a 62 API calls 2 library calls 94722->94730 94724 36ead2 __fread_nolock 94724->94713 94725 36eb08 94731 36eb27 LeaveCriticalSection __fread_nolock 94725->94731 94727->94719 94728->94724 94729->94722 94730->94725 94731->94724 94735 36e8e1 94732->94735 94734 345118 94734->94632 94736 36e8ed ___DestructExceptionObject 94735->94736 94737 36e92d 94736->94737 94738 36e925 __fread_nolock 94736->94738 94744 36e900 ___scrt_fastfail 94736->94744 94750 36918d EnterCriticalSection 94737->94750 94738->94734 94740 36e937 94751 36e6f8 38 API calls 4 library calls 94740->94751 94742 36e91a 94749 3727ec 26 API calls _abort 94742->94749 94748 36f2d9 20 API calls _abort 94744->94748 94746 36e94e 94752 36e96c LeaveCriticalSection __fread_nolock 94746->94752 94748->94742 94749->94738 94750->94740 94751->94746 94752->94738 94756 36e4e8 94753->94756 94755 3b275d 94755->94634 94759 36e469 94756->94759 94758 36e505 94758->94755 94760 36e48c 94759->94760 94761 36e478 94759->94761 94766 36e488 __alldvrm 94760->94766 94769 37333f 11 API calls 2 library calls 94760->94769 94767 36f2d9 20 API calls _abort 94761->94767 94763 36e47d 94768 3727ec 26 API calls _abort 94763->94768 94766->94758 94767->94763 94768->94766 94769->94766 
94773 3b2e7a 94770->94773 94771 3450f5 40 API calls 94771->94773 94772 3b28fe 27 API calls 94772->94773 94773->94771 94773->94772 94774 3b2d3b 94773->94774 94775 34511f 64 API calls 94773->94775 94774->94533 94774->94551 94775->94773 94776->94551 94778 36e684 ___DestructExceptionObject 94777->94778 94779 36e695 94778->94779 94780 36e6aa 94778->94780 94807 36f2d9 20 API calls _abort 94779->94807 94788 36e6a5 __fread_nolock 94780->94788 94790 36918d EnterCriticalSection 94780->94790 94783 36e69a 94808 3727ec 26 API calls _abort 94783->94808 94784 36e6c6 94791 36e602 94784->94791 94787 36e6d1 94809 36e6ee LeaveCriticalSection __fread_nolock 94787->94809 94788->94555 94790->94784 94792 36e624 94791->94792 94793 36e60f 94791->94793 94799 36e61f 94792->94799 94810 36dc0b 94792->94810 94842 36f2d9 20 API calls _abort 94793->94842 94795 36e614 94843 3727ec 26 API calls _abort 94795->94843 94799->94787 94803 36e646 94827 37862f 94803->94827 94806 3729c8 _free 20 API calls 94806->94799 94807->94783 94808->94788 94809->94788 94811 36dc23 94810->94811 94815 36dc1f 94810->94815 94812 36d955 __fread_nolock 26 API calls 94811->94812 94811->94815 94813 36dc43 94812->94813 94844 3759be 62 API calls 5 library calls 94813->94844 94816 374d7a 94815->94816 94817 374d90 94816->94817 94819 36e640 94816->94819 94818 3729c8 _free 20 API calls 94817->94818 94817->94819 94818->94819 94820 36d955 94819->94820 94821 36d976 94820->94821 94822 36d961 94820->94822 94821->94803 94845 36f2d9 20 API calls _abort 94822->94845 94824 36d966 94846 3727ec 26 API calls _abort 94824->94846 94826 36d971 94826->94803 94828 378653 94827->94828 94829 37863e 94827->94829 94831 37868e 94828->94831 94836 37867a 94828->94836 94850 36f2c6 20 API calls _abort 94829->94850 94852 36f2c6 20 API calls _abort 94831->94852 94833 378643 94851 36f2d9 20 API calls _abort 94833->94851 94834 378693 94853 36f2d9 20 API calls _abort 94834->94853 94847 378607 94836->94847 94838 36e64c 94838->94799 94838->94806 94840 37869b 94854 
3727ec 26 API calls _abort 94840->94854 94842->94795 94843->94799 94844->94815 94845->94824 94846->94826 94855 378585 94847->94855 94849 37862b 94849->94838 94850->94833 94851->94838 94852->94834 94853->94840 94854->94838 94856 378591 ___DestructExceptionObject 94855->94856 94866 375147 EnterCriticalSection 94856->94866 94858 37859f 94859 3785c6 94858->94859 94860 3785d1 94858->94860 94867 3786ae 94859->94867 94882 36f2d9 20 API calls _abort 94860->94882 94863 3785cc 94883 3785fb LeaveCriticalSection __wsopen_s 94863->94883 94865 3785ee __fread_nolock 94865->94849 94866->94858 94884 3753c4 94867->94884 94869 3786c4 94897 375333 21 API calls 2 library calls 94869->94897 94871 3786be 94871->94869 94874 3753c4 __wsopen_s 26 API calls 94871->94874 94881 3786f6 94871->94881 94872 3753c4 __wsopen_s 26 API calls 94875 378702 FindCloseChangeNotification 94872->94875 94873 37871c 94880 37873e 94873->94880 94898 36f2a3 20 API calls __dosmaperr 94873->94898 94876 3786ed 94874->94876 94875->94869 94878 37870e GetLastError 94875->94878 94877 3753c4 __wsopen_s 26 API calls 94876->94877 94877->94881 94878->94869 94880->94863 94881->94869 94881->94872 94882->94863 94883->94865 94885 3753e6 94884->94885 94886 3753d1 94884->94886 94891 37540b 94885->94891 94901 36f2c6 20 API calls _abort 94885->94901 94899 36f2c6 20 API calls _abort 94886->94899 94888 3753d6 94900 36f2d9 20 API calls _abort 94888->94900 94891->94871 94892 375416 94902 36f2d9 20 API calls _abort 94892->94902 94893 3753de 94893->94871 94895 37541e 94903 3727ec 26 API calls _abort 94895->94903 94897->94873 94898->94880 94899->94888 94900->94893 94901->94892 94902->94895 94903->94893 94904 341033 94909 344c91 94904->94909 94908 341042 94910 34a961 22 API calls 94909->94910 94911 344cff 94910->94911 94917 343af0 94911->94917 94914 344d9c 94915 341038 94914->94915 94920 3451f7 22 API calls __fread_nolock 94914->94920 94916 3600a3 29 API calls __onexit 94915->94916 94916->94908 94921 343b1c 94917->94921 94920->94914 94922 
343b0f 94921->94922 94923 343b29 94921->94923 94922->94914 94923->94922 94924 343b30 RegOpenKeyExW 94923->94924 94924->94922 94925 343b4a RegQueryValueExW 94924->94925 94926 343b80 RegCloseKey 94925->94926 94927 343b6b 94925->94927 94926->94922 94927->94926 94928 34f7bf 94929 34fcb6 94928->94929 94930 34f7d3 94928->94930 95017 34aceb 23 API calls messages 94929->95017 94931 34fcc2 94930->94931 94933 35fddb 22 API calls 94930->94933 95018 34aceb 23 API calls messages 94931->95018 94935 34f7e5 94933->94935 94935->94931 94936 34f83e 94935->94936 94937 34fd3d 94935->94937 94962 34ed9d messages 94936->94962 94963 351310 94936->94963 95019 3b1155 22 API calls 94937->95019 94940 35fddb 22 API calls 94960 34ec76 messages 94940->94960 94941 34fef7 94941->94962 95021 34a8c7 22 API calls __fread_nolock 94941->95021 94944 394b0b 95023 3b359c 82 API calls __wsopen_s 94944->95023 94945 34a8c7 22 API calls 94945->94960 94946 394600 94946->94962 95020 34a8c7 22 API calls __fread_nolock 94946->95020 94951 360242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94951->94960 94953 34fbe3 94955 394bdc 94953->94955 94961 34f3ae messages 94953->94961 94953->94962 94954 34a961 22 API calls 94954->94960 95024 3b359c 82 API calls __wsopen_s 94955->95024 94957 394beb 95025 3b359c 82 API calls __wsopen_s 94957->95025 94958 3601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 94958->94960 94959 3600a3 29 API calls pre_c_initialization 94959->94960 94960->94940 94960->94941 94960->94944 94960->94945 94960->94946 94960->94951 94960->94953 94960->94954 94960->94957 94960->94958 94960->94959 94960->94961 94960->94962 95015 3501e0 185 API calls 2 library calls 94960->95015 95016 3506a0 41 API calls messages 94960->95016 94961->94962 95022 3b359c 82 API calls __wsopen_s 94961->95022 94964 351376 94963->94964 94965 3517b0 94963->94965 94966 351390 94964->94966 94967 396331 94964->94967 95074 360242 5 API 
calls __Init_thread_wait 94965->95074 94969 351940 9 API calls 94966->94969 95079 3c709c 185 API calls 94967->95079 94972 3513a0 94969->94972 94971 3517ba 94975 349cb3 22 API calls 94971->94975 94976 3517fb 94971->94976 94974 351940 9 API calls 94972->94974 94973 39633d 94973->94960 94977 3513b6 94974->94977 94983 3517d4 94975->94983 94978 396346 94976->94978 94980 35182c 94976->94980 94977->94976 94979 3513ec 94977->94979 95080 3b359c 82 API calls __wsopen_s 94978->95080 94979->94978 95003 351408 __fread_nolock 94979->95003 95076 34aceb 23 API calls messages 94980->95076 95075 3601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94983->95075 94984 351839 95077 35d217 185 API calls 94984->95077 94987 39636e 95081 3b359c 82 API calls __wsopen_s 94987->95081 94988 35152f 94990 3963d1 94988->94990 94991 35153c 94988->94991 95083 3c5745 54 API calls _wcslen 94990->95083 94993 351940 9 API calls 94991->94993 94994 351549 94993->94994 95000 351940 9 API calls 94994->95000 95010 3515c7 messages 94994->95010 94995 35fddb 22 API calls 94995->95003 94996 351872 95078 35faeb 23 API calls 94996->95078 94997 35fe0b 22 API calls 94997->95003 94999 35171d 94999->94960 95006 351563 95000->95006 95003->94984 95003->94987 95003->94988 95003->94995 95003->94997 95004 3963b2 95003->95004 95003->95010 95049 34ec40 95003->95049 95082 3b359c 82 API calls __wsopen_s 95004->95082 95006->95010 95084 34a8c7 22 API calls __fread_nolock 95006->95084 95009 35167b messages 95009->94999 95073 35ce17 22 API calls messages 95009->95073 95010->94996 95010->95009 95026 351940 95010->95026 95036 3ca2ea 95010->95036 95041 3b5c5a 95010->95041 95046 3cac5b 95010->95046 95085 3b359c 82 API calls __wsopen_s 95010->95085 95015->94960 95016->94960 95017->94931 95018->94937 95019->94962 95020->94962 95021->94962 95022->94962 95023->94962 95024->94957 95025->94962 95027 351981 95026->95027 95028 35195d 95026->95028 95086 360242 5 API calls __Init_thread_wait 95027->95086 95029 35196e 
95028->95029 95088 360242 5 API calls __Init_thread_wait 95028->95088 95029->95010 95032 35198b 95032->95028 95087 3601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95032->95087 95033 358727 95033->95029 95089 3601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95033->95089 95090 347510 95036->95090 95040 3ca315 95040->95010 95042 347510 53 API calls 95041->95042 95043 3b5c6d 95042->95043 95138 3adbbe lstrlenW 95043->95138 95045 3b5c77 95045->95010 95143 3cad64 95046->95143 95048 3cac6f 95048->95010 95051 34ec76 messages 95049->95051 95050 3600a3 29 API calls pre_c_initialization 95050->95051 95051->95050 95052 394beb 95051->95052 95053 35fddb 22 API calls 95051->95053 95054 34ed9d messages 95051->95054 95055 34fef7 95051->95055 95058 394b0b 95051->95058 95059 34a8c7 22 API calls 95051->95059 95063 394600 95051->95063 95065 360242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95051->95065 95067 34fbe3 95051->95067 95068 34a961 22 API calls 95051->95068 95071 3601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95051->95071 95072 34f3ae messages 95051->95072 95175 3501e0 185 API calls 2 library calls 95051->95175 95176 3506a0 41 API calls messages 95051->95176 95182 3b359c 82 API calls __wsopen_s 95052->95182 95053->95051 95054->95003 95055->95054 95178 34a8c7 22 API calls __fread_nolock 95055->95178 95180 3b359c 82 API calls __wsopen_s 95058->95180 95059->95051 95063->95054 95177 34a8c7 22 API calls __fread_nolock 95063->95177 95065->95051 95067->95054 95069 394bdc 95067->95069 95067->95072 95068->95051 95181 3b359c 82 API calls __wsopen_s 95069->95181 95071->95051 95072->95054 95179 3b359c 82 API calls __wsopen_s 95072->95179 95073->95009 95074->94971 95075->94976 95076->94984 95077->94996 95078->94996 95079->94973 95080->95010 95081->95010 95082->95010 95083->95006 95084->95010 95085->95010 95086->95032 95087->95028 95088->95033 
95089->95029 95091 347525 95090->95091 95107 347522 95090->95107 95092 34752d 95091->95092 95093 34755b 95091->95093 95123 3651c6 26 API calls 95092->95123 95096 34756d 95093->95096 95100 38500f 95093->95100 95103 3850f6 95093->95103 95124 35fb21 51 API calls 95096->95124 95097 34753d 95102 35fddb 22 API calls 95097->95102 95098 38510e 95098->95098 95106 35fe0b 22 API calls 95100->95106 95108 385088 95100->95108 95104 347547 95102->95104 95126 365183 26 API calls 95103->95126 95105 349cb3 22 API calls 95104->95105 95105->95107 95109 385058 95106->95109 95113 3ad4dc CreateToolhelp32Snapshot Process32FirstW 95107->95113 95125 35fb21 51 API calls 95108->95125 95110 35fddb 22 API calls 95109->95110 95111 38507f 95110->95111 95112 349cb3 22 API calls 95111->95112 95112->95108 95127 3adef7 95113->95127 95115 3ad522 95116 3ad5db FindCloseChangeNotification 95115->95116 95117 3ad529 Process32NextW 95115->95117 95118 34a961 22 API calls 95115->95118 95119 349cb3 22 API calls 95115->95119 95133 34525f 22 API calls 95115->95133 95134 346350 22 API calls 95115->95134 95135 35ce60 41 API calls 95115->95135 95116->95040 95117->95115 95117->95116 95118->95115 95119->95115 95123->95097 95124->95097 95125->95103 95126->95098 95132 3adf02 95127->95132 95128 3adf19 95137 3662fb 39 API calls 95128->95137 95131 3adf1f 95131->95115 95132->95128 95132->95131 95136 3663b2 GetStringTypeW _strftime 95132->95136 95133->95115 95134->95115 95135->95115 95136->95132 95137->95131 95139 3adbdc GetFileAttributesW 95138->95139 95140 3adc06 95138->95140 95139->95140 95141 3adbe8 FindFirstFileW 95139->95141 95140->95045 95141->95140 95142 3adbf9 FindClose 95141->95142 95142->95140 95144 34a961 22 API calls 95143->95144 95145 3cad77 ___scrt_fastfail 95144->95145 95146 347510 53 API calls 95145->95146 95159 3cadce 95145->95159 95150 3cadab 95146->95150 95147 347510 53 API calls 95151 3cade4 95147->95151 95148 3cae3a 95154 3cae4d ___scrt_fastfail 95148->95154 95174 34b567 39 API calls 95148->95174 95149 
3cadee 95149->95148 95152 347510 53 API calls 95149->95152 95155 347510 53 API calls 95150->95155 95150->95159 95172 347620 22 API calls _wcslen 95151->95172 95162 3cae04 95152->95162 95160 347510 53 API calls 95154->95160 95157 3cadc4 95155->95157 95171 347620 22 API calls _wcslen 95157->95171 95159->95147 95159->95149 95161 3cae85 ShellExecuteExW 95160->95161 95166 3caeb0 95161->95166 95162->95148 95163 347510 53 API calls 95162->95163 95164 3cae28 95163->95164 95164->95148 95173 34a8c7 22 API calls __fread_nolock 95164->95173 95167 3caec8 95166->95167 95168 3caf35 GetProcessId 95166->95168 95167->95048 95169 3caf48 95168->95169 95170 3caf58 CloseHandle 95169->95170 95170->95167 95171->95159 95172->95149 95173->95148 95174->95154 95175->95051 95176->95051 95177->95054 95178->95054 95179->95054 95180->95054 95181->95052 95182->95054 95183 393f75 95194 35ceb1 95183->95194 95185 393f8b 95186 394006 95185->95186 95261 35e300 23 API calls 95185->95261 95203 34bf40 95186->95203 95188 394052 95192 394a88 95188->95192 95263 3b359c 82 API calls __wsopen_s 95188->95263 95191 393fe6 95191->95188 95262 3b1abf 22 API calls 95191->95262 95195 35ced2 95194->95195 95196 35cebf 95194->95196 95198 35cf05 95195->95198 95199 35ced7 95195->95199 95264 34aceb 23 API calls messages 95196->95264 95265 34aceb 23 API calls messages 95198->95265 95201 35fddb 22 API calls 95199->95201 95202 35cec9 95201->95202 95202->95185 95266 34adf0 95203->95266 95205 34bf9d 95206 34bfa9 95205->95206 95207 3904b6 95205->95207 95209 3904c6 95206->95209 95210 34c01e 95206->95210 95285 3b359c 82 API calls __wsopen_s 95207->95285 95286 3b359c 82 API calls __wsopen_s 95209->95286 95271 34ac91 95210->95271 95214 3a7120 22 API calls 95258 34c039 __fread_nolock messages 95214->95258 95215 34c7da 95218 35fe0b 22 API calls 95215->95218 95226 34c808 __fread_nolock 95218->95226 95220 3904f5 95223 39055a 95220->95223 95287 35d217 185 API calls 95220->95287 95247 34c603 95223->95247 95288 3b359c 82 API calls 
__wsopen_s 95223->95288 95224 35fe0b 22 API calls 95259 34c350 __fread_nolock messages 95224->95259 95225 34af8a 22 API calls 95225->95258 95226->95224 95227 39091a 95298 3b3209 23 API calls 95227->95298 95230 34ec40 185 API calls 95230->95258 95231 3908a5 95232 34ec40 185 API calls 95231->95232 95234 3908cf 95232->95234 95234->95247 95296 34a81b 41 API calls 95234->95296 95235 390591 95289 3b359c 82 API calls __wsopen_s 95235->95289 95236 3908f6 95297 3b359c 82 API calls __wsopen_s 95236->95297 95240 34bbe0 40 API calls 95240->95258 95242 34c237 95244 34c253 95242->95244 95299 34a8c7 22 API calls __fread_nolock 95242->95299 95248 390976 95244->95248 95253 34c297 messages 95244->95253 95246 35fe0b 22 API calls 95246->95258 95247->95188 95300 34aceb 23 API calls messages 95248->95300 95250 35fddb 22 API calls 95250->95258 95252 3909bf 95252->95247 95301 3b359c 82 API calls __wsopen_s 95252->95301 95253->95252 95282 34aceb 23 API calls messages 95253->95282 95255 34c335 95255->95252 95256 34c342 95255->95256 95283 34a704 22 API calls messages 95256->95283 95258->95214 95258->95215 95258->95220 95258->95223 95258->95225 95258->95226 95258->95227 95258->95230 95258->95231 95258->95235 95258->95236 95258->95240 95258->95242 95258->95246 95258->95247 95258->95250 95258->95252 95275 34ad81 95258->95275 95290 3a7099 22 API calls __fread_nolock 95258->95290 95291 3c5745 54 API calls _wcslen 95258->95291 95292 35aa42 22 API calls messages 95258->95292 95293 3af05c 40 API calls 95258->95293 95294 34a993 41 API calls 95258->95294 95295 34aceb 23 API calls messages 95258->95295 95260 34c3ac 95259->95260 95284 35ce17 22 API calls messages 95259->95284 95260->95188 95261->95191 95262->95186 95263->95192 95264->95202 95265->95202 95267 34ae01 95266->95267 95270 34ae1c messages 95266->95270 95268 34aec9 22 API calls 95267->95268 95269 34ae09 CharUpperBuffW 95268->95269 95269->95270 95270->95205 95272 34acae 95271->95272 95273 34acd1 95272->95273 95302 3b359c 82 API calls __wsopen_s 

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetVersionExW.KERNEL32(?), ref: 0034430D
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            • GetCurrentProcess.KERNEL32(?,003DCB64,00000000,?,?), ref: 00344422
                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00344429
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00344454
                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00344466
                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00344474
                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 0034447B
                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 003444A0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                            • API String ID: 3290436268-3101561225
                                                                            • Opcode ID: 04cc271c7b3b259ef869691d696775b60cc855a3407d1fa814436b88c27c686a
                                                                            • Instruction ID: 48336769f939185ac22b76ed7e4e3b5cfa1941603e319ab0f5e533a899416724
                                                                            • Opcode Fuzzy Hash: 04cc271c7b3b259ef869691d696775b60cc855a3407d1fa814436b88c27c686a
                                                                            • Instruction Fuzzy Hash: DFA1E66191A3C8CFEB13D77A7C443D57FE86B26700B08D4BAEAA197B39D2204504CB2D

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,003450AA,?,?,00000000,00000000), ref: 003442B2
                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,003450AA,?,?,00000000,00000000), ref: 003442C9
                                                                            • LoadResource.KERNEL32(?,00000000,?,?,003450AA,?,?,00000000,00000000,?,?,?,?,?,?,00344F20), ref: 003835BE
                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,003450AA,?,?,00000000,00000000,?,?,?,?,?,?,00344F20), ref: 003835D3
                                                                            • LockResource.KERNEL32(003450AA,?,?,003450AA,?,?,00000000,00000000,?,?,?,?,?,?,00344F20,?), ref: 003835E6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                            • String ID: SCRIPT
                                                                            • API String ID: 3051347437-3967369404
                                                                            • Opcode ID: c74552ec2cbec3f901fbf9f3a02ec1ab269697918d39a562022f54e9311a79b0
                                                                            • Instruction ID: f5b4576c6b685d6125318cb2d4fd6b136e87f7282cf8ac1c0984f6a4acf4db22
                                                                            • Opcode Fuzzy Hash: c74552ec2cbec3f901fbf9f3a02ec1ab269697918d39a562022f54e9311a79b0
                                                                            • Instruction Fuzzy Hash: 36117CB1211701BFDB228BA5EC48F677BBDEBC5B51F10496EF4029A290DBB1E800C720

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00342B6B
                                                                              • Part of subcall function 00343A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00411418,?,00342E7F,?,?,?,00000000), ref: 00343A78
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00402224), ref: 00382C10
                                                                            • ShellExecuteW.SHELL32(00000000,?,?,00402224), ref: 00382C17
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                            • String ID: runas
                                                                            • API String ID: 448630720-4000483414
                                                                            • Opcode ID: 33a004857374991055168ae38715b0351567c5eb9a9ae64f290ed322d0d2a111
                                                                            • Instruction ID: e9ea26ce0522489e75f876eda9e4f391aa1fc7b7eb49927a1f7bba4a24431b8e
                                                                            • Opcode Fuzzy Hash: 33a004857374991055168ae38715b0351567c5eb9a9ae64f290ed322d0d2a111
                                                                            • Instruction Fuzzy Hash: 1911AF312083416AC707FF60D856AAFBBE89B91750F44542EB1822F0A2CF75AA49C752

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 003AD501
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 003AD50F
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 003AD52F
                                                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 003AD5DC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                            • String ID:
                                                                            • API String ID: 3243318325-0

                                                                            Control-flow Graph (function entry at 3adbbe)
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,00385222), ref: 003ADBCE
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 003ADBDD
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 003ADBEE
                                                                            • FindClose.KERNEL32(00000000), ref: 003ADBFA
                                                                            Similarity
                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                            • String ID:
                                                                            • API String ID: 2695905019-0
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(003728E9,?,00364CBE,003728E9,004088B8,0000000C,00364E15,003728E9,00000002,00000000,?,003728E9), ref: 00364D09
                                                                            • TerminateProcess.KERNEL32(00000000,?,00364CBE,003728E9,004088B8,0000000C,00364E15,003728E9,00000002,00000000,?,003728E9), ref: 00364D10
                                                                            • ExitProcess.KERNEL32 ref: 00364D22
                                                                            Similarity
                                                                            • API ID: Process$CurrentExitTerminate
                                                                            • String ID:
                                                                            • API String ID: 1703294689-0
                                                                            Similarity
                                                                            • API ID: BuffCharUpper
                                                                            • String ID: p#A
                                                                            • API String ID: 3964851224-348305189
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 0034D807
                                                                            • timeGetTime.WINMM ref: 0034DA07
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0034DB28
                                                                            • TranslateMessage.USER32(?), ref: 0034DB7B
                                                                            • DispatchMessageW.USER32(?), ref: 0034DB89
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0034DB9F
                                                                            • Sleep.KERNEL32(0000000A), ref: 0034DBB1
                                                                            Similarity
                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                            • String ID:
                                                                            • API String ID: 2189390790-0

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00342D07
                                                                            • RegisterClassExW.USER32(00000030), ref: 00342D31
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00342D42
                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00342D5F
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00342D6F
                                                                            • LoadIconW.USER32(000000A9), ref: 00342D85
                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00342D94
                                                                            Similarity
                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                            • API String ID: 2914291525-1005189915

                                                                            Control-flow Graph (function entry at 38065b)
                                                                            APIs
                                                                              • Part of subcall function 0038039A: CreateFileW.KERNEL32(00000000,00000000,?,00380704,?,?,00000000,?,00380704,00000000,0000000C), ref: 003803B7
                                                                            • GetLastError.KERNEL32 ref: 0038076F
                                                                            • __dosmaperr.LIBCMT ref: 00380776
                                                                            • GetFileType.KERNEL32(00000000), ref: 00380782
                                                                            • GetLastError.KERNEL32 ref: 0038078C
                                                                            • __dosmaperr.LIBCMT ref: 00380795
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003807B5
                                                                            • CloseHandle.KERNEL32(?), ref: 003808FF
                                                                            • GetLastError.KERNEL32 ref: 00380931
                                                                            • __dosmaperr.LIBCMT ref: 00380938
                                                                            Similarity
                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                            • String ID: H
                                                                            • API String ID: 4237864984-2852464175

                                                                            APIs
                                                                              • Part of subcall function 00343A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00411418,?,00342E7F,?,?,?,00000000), ref: 00343A78
                                                                              • Part of subcall function 00343357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00343379
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0034356A
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0038318D
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 003831CE
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00383210
                                                                            • _wcslen.LIBCMT ref: 00383277
                                                                            • _wcslen.LIBCMT ref: 00383286
                                                                            Similarity
                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                            • API String ID: 98802146-2727554177

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00342B8E
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00342B9D
                                                                            • LoadIconW.USER32(00000063), ref: 00342BB3
                                                                            • LoadIconW.USER32(000000A4), ref: 00342BC5
                                                                            • LoadIconW.USER32(000000A2), ref: 00342BD7
                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00342BEF
                                                                            • RegisterClassExW.USER32(?), ref: 00342C40
                                                                              • Part of subcall function 00342CD4: GetSysColorBrush.USER32(0000000F), ref: 00342D07
                                                                              • Part of subcall function 00342CD4: RegisterClassExW.USER32(00000030), ref: 00342D31
                                                                              • Part of subcall function 00342CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00342D42
                                                                              • Part of subcall function 00342CD4: InitCommonControlsEx.COMCTL32(?), ref: 00342D5F
                                                                              • Part of subcall function 00342CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00342D6F
                                                                              • Part of subcall function 00342CD4: LoadIconW.USER32(000000A9), ref: 00342D85
                                                                              • Part of subcall function 00342CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00342D94
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                            • String ID: #$0$AutoIt v3
                                                                            • API String ID: 423443420-4155596026
                                                                            • Opcode ID: ea5a7fc55c2d863e407fda01a321cac934850f0f2e509b259030c6c001151740
                                                                            • Instruction ID: 824628e003e66e9d5b80be556dfd8255d2ab3ddf887463b5a6d35fdd371de7f1
                                                                            • Opcode Fuzzy Hash: ea5a7fc55c2d863e407fda01a321cac934850f0f2e509b259030c6c001151740
                                                                            • Instruction Fuzzy Hash: 8B214F74E21318AFEB119F95EC95AD97FB4FB08B50F00802AFA11A66B4D3B11540CF98

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            APIs
                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0034316A,?,?), ref: 003431D8
                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,0034316A,?,?), ref: 00343204
                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00343227
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0034316A,?,?), ref: 00343232
                                                                            • CreatePopupMenu.USER32 ref: 00343246
                                                                            • PostQuitMessage.USER32(00000000), ref: 00343267
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                            • String ID: TaskbarCreated
                                                                            • API String ID: 129472671-2362178303
                                                                            • Opcode ID: ecb7abb9d81cc6c8b1cc5d9353859658c0304d9cc3055601f1dc494417880ca0
                                                                            • Instruction ID: 97ae8981462011ca36428691b6af293fac728e11c72580e58c26fbd10b42b0a7
                                                                            • Opcode Fuzzy Hash: ecb7abb9d81cc6c8b1cc5d9353859658c0304d9cc3055601f1dc494417880ca0
                                                                            • Instruction Fuzzy Hash: 50411731260209ABDF172B78ED49BB93B9DE705300F044126FA228F5B5C7A5FB40D769

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            APIs
                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00341459
                                                                            • OleUninitialize.OLE32(?,00000000), ref: 003414F8
                                                                            • UnregisterHotKey.USER32(?), ref: 003416DD
                                                                            • DestroyWindow.USER32(?), ref: 003824B9
                                                                            • FreeLibrary.KERNEL32(?), ref: 0038251E
                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0038254B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                            • String ID: close all
                                                                            • API String ID: 469580280-3243417748
                                                                            • Opcode ID: 395ca9dd3c2ca48a921484c671c07faa1e6ebb11ca7eeec9648cb6d400e24e4d
                                                                            • Instruction ID: ff94d643fb91a520376a1a1a8aa6a948eab0b918278a4d26e04eac05d2d89637
                                                                            • Opcode Fuzzy Hash: 395ca9dd3c2ca48a921484c671c07faa1e6ebb11ca7eeec9648cb6d400e24e4d
                                                                            • Instruction Fuzzy Hash: 40D16A317126128FCB1BEF15D899A6AF7A4BF05700F1542ADE84A6F262DB30ED52CF50

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 648 342c63-342cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                            APIs
                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00342C91
                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00342CB2
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00341CAD,?), ref: 00342CC6
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00341CAD,?), ref: 00342CCF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CreateShow
                                                                            • String ID: AutoIt v3$edit
                                                                            • API String ID: 1584632944-3779509399
                                                                            • Opcode ID: eaecb2873f92ce9999257a7874b13fa760cc7e3218085d8f28c4cb947608b7c7
                                                                            • Instruction ID: a254a00e9934a04a7f542b3ead52ee34942d2496a7d43c2323a01928d08b398d
                                                                            • Opcode Fuzzy Hash: eaecb2873f92ce9999257a7874b13fa760cc7e3218085d8f28c4cb947608b7c7
                                                                            • Instruction Fuzzy Hash: ABF0DA755A02987AFB311717BC08EB76EBDD7C6F50F00916AFE10A26B4C6711850DAB8

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            APIs
                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 003CAEA3
                                                                              • Part of subcall function 00347620: _wcslen.LIBCMT ref: 00347625
                                                                            • GetProcessId.KERNEL32(00000000), ref: 003CAF38
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003CAF67
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                            • String ID: <$@
                                                                            • API String ID: 146682121-1426351568
                                                                            • Opcode ID: 258a3409a1f89ec44728e9fd578ed12c4f1567fa05bbd65165d7ae526e7a974a
                                                                            • Instruction ID: 5f2f7ff7ef8f30ece0df98174c88b4344f42da95dcd652fc80bf23c7abf20f64
                                                                            • Opcode Fuzzy Hash: 258a3409a1f89ec44728e9fd578ed12c4f1567fa05bbd65165d7ae526e7a974a
                                                                            • Instruction Fuzzy Hash: 28713574A00A19DFCB16EF64C485A9EBBF0EF08314F05849DE816AF262CB75ED45CB91

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00343B0F,SwapMouseButtons,00000004,?), ref: 00343B40
                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00343B0F,SwapMouseButtons,00000004,?), ref: 00343B61
                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00343B0F,SwapMouseButtons,00000004,?), ref: 00343B83
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseOpenQueryValue
                                                                            • String ID: Control Panel\Mouse
                                                                            • API String ID: 3677997916-824357125
                                                                            • Opcode ID: 4d3b9a35aa5a40ee71e55d076225e1879c553d81784288be14eaa3c9967709b3
                                                                            • Instruction ID: bec718540cdeab843f0cea7f1837cfdcabb05e01e86a9fcf456ba3f38d6262d5
                                                                            • Opcode Fuzzy Hash: 4d3b9a35aa5a40ee71e55d076225e1879c553d81784288be14eaa3c9967709b3
                                                                            • Instruction Fuzzy Hash: 8B112AB5521208FFDB228FA5DC44AAEB7FCEF04744B11855AA805DB110D231EF449B60
                                                                            APIs
                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 003833A2
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00343A04
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                            • String ID: Line:
                                                                            • API String ID: 2289894680-1585850449
                                                                            • Opcode ID: f7a9cfc9674dc93e6b22b6b49a1c4f980b1669031b7fa68ebb7b3a7ef5e2c033
                                                                            • Instruction ID: 9808f084bcbf06e850192816dafadce379aece6d81f6a4760c352ffe9b53a4f0
                                                                            • Opcode Fuzzy Hash: f7a9cfc9674dc93e6b22b6b49a1c4f980b1669031b7fa68ebb7b3a7ef5e2c033
                                                                            • Instruction Fuzzy Hash: 7331B471548304AAD723EF20DC46BEBB7ECAF41710F10492AF5999B1A1DB70A648CBC7
                                                                            APIs
                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00382C8C
                                                                              • Part of subcall function 00343AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00343A97,?,?,00342E7F,?,?,?,00000000), ref: 00343AC2
                                                                              • Part of subcall function 00342DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00342DC4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                            • String ID: X$`e@
                                                                            • API String ID: 779396738-3348127276
                                                                            APIs
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00360668
                                                                              • Part of subcall function 003632A4: RaiseException.KERNEL32(?,?,?,0036068A,?,00411444,?,?,?,?,?,?,0036068A,00341129,00408738,00341129), ref: 00363304
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00360685
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                            • String ID: Unknown exception
                                                                            • API String ID: 3476068407-410509341
                                                                            APIs
                                                                              • Part of subcall function 00341BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00341BF4
                                                                              • Part of subcall function 00341BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00341BFC
                                                                              • Part of subcall function 00341BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00341C07
                                                                              • Part of subcall function 00341BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00341C12
                                                                              • Part of subcall function 00341BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00341C1A
                                                                              • Part of subcall function 00341BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00341C22
                                                                              • Part of subcall function 00341B4A: RegisterWindowMessageW.USER32(00000004,?,003412C4), ref: 00341BA2
                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0034136A
                                                                            • OleInitialize.OLE32 ref: 00341388
                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 003824AB
                                                                            Similarity
                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                            • String ID:
                                                                            • API String ID: 1986988660-0
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,003785CC,?,00408CC8,0000000C), ref: 00378704
                                                                            • GetLastError.KERNEL32(?,003785CC,?,00408CC8,0000000C), ref: 0037870E
                                                                            • __dosmaperr.LIBCMT ref: 00378739
                                                                            Similarity
                                                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                            • String ID:
                                                                            • API String ID: 490808831-0
                                                                            APIs
                                                                            • __Init_thread_footer.LIBCMT ref: 003517F6
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Init_thread_footer
                                                                            • String ID: CALL
                                                                            • API String ID: 1385522511-4196123274
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00343908
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                              • Part of subcall function 00344E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00344EDD,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344E9C
                                                                              • Part of subcall function 00344E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00344EAE
                                                                              • Part of subcall function 00344E90: FreeLibrary.KERNEL32(00000000,?,?,00344EDD,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344EC0
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344EFD
                                                                              • Part of subcall function 00344E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00383CDE,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344E62
                                                                              • Part of subcall function 00344E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00344E74
                                                                              • Part of subcall function 00344E59: FreeLibrary.KERNEL32(00000000,?,?,00383CDE,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344E87
                                                                            Similarity
                                                                            • API ID: Library$Load$AddressFreeProc
                                                                            • String ID:
                                                                            • API String ID: 2632591731-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: __wsopen_s
                                                                            • String ID:
                                                                            • API String ID: 3347428461-0
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00411444,?,0035FDF5,?,?,0034A976,00000010,00411440,003413FC,?,003413C6,?,00341129), ref: 00373852
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344F6D
                                                                            Similarity
                                                                            • API ID: FreeLibrary
                                                                            • String ID:
                                                                            • API String ID: 3664257935-0
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0034314E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00342DC4
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: LongNamePath_wcslen
                                                                            • String ID:
                                                                            • API String ID: 541455249-0
                                                                            APIs
                                                                              • Part of subcall function 00343837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00343908
                                                                              • Part of subcall function 0034D730: GetInputState.USER32 ref: 0034D807
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00342B6B
                                                                              • Part of subcall function 003430F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0034314E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                            • String ID:
                                                                            • API String ID: 3667716007-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00380704,?,?,00000000,?,00380704,00000000,0000000C), ref: 003803B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00341CBC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            APIs
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 003D961A
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003D965B
                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 003D969F
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003D96C9
                                                                            • SendMessageW.USER32 ref: 003D96F2
                                                                            • GetKeyState.USER32(00000011), ref: 003D978B
                                                                            • GetKeyState.USER32(00000009), ref: 003D9798
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003D97AE
                                                                            • GetKeyState.USER32(00000010), ref: 003D97B8
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003D97E9
                                                                            • SendMessageW.USER32 ref: 003D9810
                                                                            • SendMessageW.USER32(?,00001030,?,003D7E95), ref: 003D9918
                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 003D992E
                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 003D9941
                                                                            • SetCapture.USER32(?), ref: 003D994A
                                                                            • ClientToScreen.USER32(?,?), ref: 003D99AF
                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 003D99BC
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003D99D6
                                                                            • ReleaseCapture.USER32 ref: 003D99E1
                                                                            • GetCursorPos.USER32(?), ref: 003D9A19
                                                                            • ScreenToClient.USER32(?,?), ref: 003D9A26
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 003D9A80
                                                                            • SendMessageW.USER32 ref: 003D9AAE
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 003D9AEB
                                                                            • SendMessageW.USER32 ref: 003D9B1A
                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003D9B3B
                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 003D9B4A
                                                                            • GetCursorPos.USER32(?), ref: 003D9B68
                                                                            • ScreenToClient.USER32(?,?), ref: 003D9B75
                                                                            • GetParent.USER32(?), ref: 003D9B93
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 003D9BFA
                                                                            • SendMessageW.USER32 ref: 003D9C2B
                                                                            • ClientToScreen.USER32(?,?), ref: 003D9C84
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 003D9CB4
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 003D9CDE
                                                                            • SendMessageW.USER32 ref: 003D9D01
                                                                            • ClientToScreen.USER32(?,?), ref: 003D9D4E
                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 003D9D82
                                                                              • Part of subcall function 00359944: GetWindowLongW.USER32(?,000000EB), ref: 00359952
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D9E05
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                            • String ID: @GUI_DRAGID$F$p#A
                                                                            • API String ID: 3429851547-3939693707
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 003D48F3
                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 003D4908
                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 003D4927
                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 003D494B
                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 003D495C
                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 003D497B
                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 003D49AE
                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 003D49D4
                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 003D4A0F
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 003D4A56
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 003D4A7E
                                                                            • IsMenu.USER32(?), ref: 003D4A97
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003D4AF2
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003D4B20
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D4B94
                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 003D4BE3
                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 003D4C82
                                                                            • wsprintfW.USER32 ref: 003D4CAE
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003D4CC9
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 003D4CF1
                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 003D4D13
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003D4D33
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 003D4D5A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                            • String ID: %d/%02d/%02d
                                                                            • API String ID: 4054740463-328681919
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0035F998
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0039F474
                                                                            • IsIconic.USER32(00000000), ref: 0039F47D
                                                                            • ShowWindow.USER32(00000000,00000009), ref: 0039F48A
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0039F494
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0039F4AA
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0039F4B1
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0039F4BD
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0039F4CE
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0039F4D6
                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0039F4DE
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0039F4E1
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0039F4F6
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0039F501
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0039F50B
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0039F510
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0039F519
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0039F51E
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0039F528
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0039F52D
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0039F530
                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0039F557
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 4125248594-2988720461
                                                                            APIs
                                                                              • Part of subcall function 003A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003A170D
                                                                              • Part of subcall function 003A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003A173A
                                                                              • Part of subcall function 003A16C3: GetLastError.KERNEL32 ref: 003A174A
                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 003A1286
                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 003A12A8
                                                                            • CloseHandle.KERNEL32(?), ref: 003A12B9
                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 003A12D1
                                                                            • GetProcessWindowStation.USER32 ref: 003A12EA
                                                                            • SetProcessWindowStation.USER32(00000000), ref: 003A12F4
                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 003A1310
                                                                              • Part of subcall function 003A10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003A11FC), ref: 003A10D4
                                                                              • Part of subcall function 003A10BF: CloseHandle.KERNEL32(?,?,003A11FC), ref: 003A10E9
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                            • String ID: $default$winsta0$Z@
                                                                            • API String ID: 22674027-2232833548
                                                                            APIs
                                                                              • Part of subcall function 003A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003A1114
                                                                              • Part of subcall function 003A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A1120
                                                                              • Part of subcall function 003A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A112F
                                                                              • Part of subcall function 003A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A1136
                                                                              • Part of subcall function 003A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003A114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003A0BCC
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003A0C00
                                                                            • GetLengthSid.ADVAPI32(?), ref: 003A0C17
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 003A0C51
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003A0C6D
                                                                            • GetLengthSid.ADVAPI32(?), ref: 003A0C84
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 003A0C8C
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 003A0C93
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003A0CB4
                                                                            • CopySid.ADVAPI32(00000000), ref: 003A0CBB
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003A0CEA
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003A0D0C
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003A0D1E
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003A0D45
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0D4C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003A0D55
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0D5C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003A0D65
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0D6C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 003A0D78
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0D7F
                                                                              • Part of subcall function 003A1193: GetProcessHeap.KERNEL32(00000008,003A0BB1,?,00000000,?,003A0BB1,?), ref: 003A11A1
                                                                              • Part of subcall function 003A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,003A0BB1,?), ref: 003A11A8
                                                                              • Part of subcall function 003A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,003A0BB1,?), ref: 003A11B7
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            APIs
                                                                            • OpenClipboard.USER32(003DCC08), ref: 003BEB29
                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 003BEB37
                                                                            • GetClipboardData.USER32(0000000D), ref: 003BEB43
                                                                            • CloseClipboard.USER32 ref: 003BEB4F
                                                                            • GlobalLock.KERNEL32(00000000), ref: 003BEB87
                                                                            • CloseClipboard.USER32 ref: 003BEB91
                                                                            • GlobalUnlock.KERNEL32(00000000,00000000), ref: 003BEBBC
                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 003BEBC9
                                                                            • GetClipboardData.USER32(00000001), ref: 003BEBD1
                                                                            • GlobalLock.KERNEL32(00000000), ref: 003BEBE2
                                                                            • GlobalUnlock.KERNEL32(00000000,?), ref: 003BEC22
                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 003BEC38
                                                                            • GetClipboardData.USER32(0000000F), ref: 003BEC44
                                                                            • GlobalLock.KERNEL32(00000000), ref: 003BEC55
                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 003BEC77
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003BEC94
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003BECD2
                                                                            • GlobalUnlock.KERNEL32(00000000,?,?), ref: 003BECF3
                                                                            • CountClipboardFormats.USER32 ref: 003BED14
                                                                            • CloseClipboard.USER32 ref: 003BED59
                                                                            Similarity
                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                            • String ID:
                                                                            • API String ID: 420908878-0
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 003B69BE
                                                                            • FindClose.KERNEL32(00000000), ref: 003B6A12
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003B6A4E
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003B6A75
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 003B6AB2
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 003B6ADF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                            • API String ID: 3830820486-3289030164
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003B9663
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 003B96A1
                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 003B96BB
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 003B96D3
                                                                            • FindClose.KERNEL32(00000000), ref: 003B96DE
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 003B96FA
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B974A
                                                                            • SetCurrentDirectoryW.KERNEL32(00406B7C), ref: 003B9768
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 003B9772
                                                                            • FindClose.KERNEL32(00000000), ref: 003B977F
                                                                            • FindClose.KERNEL32(00000000), ref: 003B978F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                            • String ID: *.*
                                                                            • API String ID: 1409584000-438819550
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003B97BE
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 003B9819
                                                                            • FindClose.KERNEL32(00000000), ref: 003B9824
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 003B9840
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B9890
                                                                            • SetCurrentDirectoryW.KERNEL32(00406B7C), ref: 003B98AE
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 003B98B8
                                                                            • FindClose.KERNEL32(00000000), ref: 003B98C5
                                                                            • FindClose.KERNEL32(00000000), ref: 003B98D5
                                                                              • Part of subcall function 003ADAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 003ADB00
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                            • String ID: *.*
                                                                            • API String ID: 2640511053-438819550
                                                                            APIs
                                                                              • Part of subcall function 003CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003CB6AE,?,?), ref: 003CC9B5
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CC9F1
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA68
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003CBF3E
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 003CBFA9
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 003CBFCD
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 003CC02C
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 003CC0E7
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003CC154
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003CC1E9
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 003CC23A
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003CC2E3
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003CC382
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 003CC38F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 3102970594-0
                                                                            APIs
                                                                            • GetLocalTime.KERNEL32(?), ref: 003B8257
                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 003B8267
                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003B8273
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003B8310
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B8324
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B8356
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003B838C
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B8395
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                            • String ID: *.*
                                                                            • API String ID: 1464919966-438819550
                                                                            APIs
                                                                              • Part of subcall function 00343AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00343A97,?,?,00342E7F,?,?,?,00000000), ref: 00343AC2
                                                                              • Part of subcall function 003AE199: GetFileAttributesW.KERNEL32(?,003ACF95), ref: 003AE19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 003AD122
                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 003AD1DD
                                                                            • MoveFileW.KERNEL32(?,?), ref: 003AD1F0
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 003AD20D
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 003AD237
                                                                              • Part of subcall function 003AD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,003AD21C,?,?), ref: 003AD2B2
                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 003AD253
                                                                            • FindClose.KERNEL32(00000000), ref: 003AD264
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 1946585618-1173974218
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                            • String ID:
                                                                            • API String ID: 1737998785-0
                                                                            APIs
                                                                              • Part of subcall function 003A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003A170D
                                                                              • Part of subcall function 003A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003A173A
                                                                              • Part of subcall function 003A16C3: GetLastError.KERNEL32 ref: 003A174A
                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 003AE932
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                            • API String ID: 2234035333-3163812486
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 003C1276
                                                                            • WSAGetLastError.WSOCK32 ref: 003C1283
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 003C12BA
                                                                            • WSAGetLastError.WSOCK32 ref: 003C12C5
                                                                            • closesocket.WSOCK32(00000000), ref: 003C12F4
                                                                            • listen.WSOCK32(00000000,00000005), ref: 003C1303
                                                                            • WSAGetLastError.WSOCK32 ref: 003C130D
                                                                            • closesocket.WSOCK32(00000000), ref: 003C133C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                            • String ID:
                                                                            • API String ID: 540024437-0
                                                                            APIs
                                                                              • Part of subcall function 00343AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00343A97,?,?,00342E7F,?,?,?,00000000), ref: 00343AC2
                                                                              • Part of subcall function 003AE199: GetFileAttributesW.KERNEL32(?,003ACF95), ref: 003AE19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 003AD420
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 003AD470
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 003AD481
                                                                            • FindClose.KERNEL32(00000000), ref: 003AD498
                                                                            • FindClose.KERNEL32(00000000), ref: 003AD4A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 2649000838-1173974218
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: __floor_pentium4
                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                            • API String ID: 4168288129-2761157908
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 003B64DC
                                                                            • CoInitialize.OLE32(00000000), ref: 003B6639
                                                                            • CoCreateInstance.OLE32(003DFCF8,00000000,00000001,003DFB68,?), ref: 003B6650
                                                                            • CoUninitialize.OLE32 ref: 003B68D4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 886957087-24824748
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 003C22E8
                                                                              • Part of subcall function 003BE4EC: GetWindowRect.USER32(?,?), ref: 003BE504
                                                                            • GetDesktopWindow.USER32 ref: 003C2312
                                                                            • GetWindowRect.USER32(00000000), ref: 003C2319
                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 003C2355
                                                                            • GetCursorPos.USER32(?), ref: 003C2381
                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 003C23DF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                            • String ID:
                                                                            • API String ID: 2387181109-0
                                                                            • Opcode ID: 59ad38491d1614b8e9cdc10955df483f1693b390befd2818d44d6bfb9ea21b7f
                                                                            • Instruction ID: efecd17249da82190f8179bb175d64d285124832a5bffb22c10563b7ce5807e0
                                                                            • Opcode Fuzzy Hash: 59ad38491d1614b8e9cdc10955df483f1693b390befd2818d44d6bfb9ea21b7f
                                                                            • Instruction Fuzzy Hash: D631DC72105346ABC722DF14D808F9BBBAAFB85710F000A1EF984D7181DB34EE08CB92
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 003B9B78
                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 003B9C8B
                                                                              • Part of subcall function 003B3874: GetInputState.USER32 ref: 003B38CB
                                                                              • Part of subcall function 003B3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003B3966
                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 003B9BA8
                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 003B9C75
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                            • String ID: *.*
                                                                            • API String ID: 1972594611-438819550
                                                                            • Opcode ID: c0cc2d8064153b77db5ef7bb366d2f224de62af150e4e52997091a29ac8791c7
                                                                            • Instruction ID: 12de3fc00d85610ac0617c03fb5c71ec732411c3fe3b8566d3c64bba871b0126
                                                                            • Opcode Fuzzy Hash: c0cc2d8064153b77db5ef7bb366d2f224de62af150e4e52997091a29ac8791c7
                                                                            • Instruction Fuzzy Hash: 1C414E7194420A9BDF16DFA4D889BEE7BF8EF05314F244156E605A7191EB30AE44CB60
                                                                            Strings
                                                                            • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 00385DAA
                                                                            • VUUU, xrefs: 003483E8
                                                                            • ERCP, xrefs: 0034813C
                                                                            • VUUU, xrefs: 0034843C
                                                                            • VUUU, xrefs: 00385DF0
                                                                            • VUUU, xrefs: 003483FA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU$_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
                                                                            • API String ID: 0-2009957334
                                                                            • Opcode ID: 68835d3d637170baee02205a080158226f970612b560f21b1431b430d3ad8d45
                                                                            • Instruction ID: e18e46aa053b8cfa5b656ffe923dae26720ff2f05bc773dfbb4c8d558c13f8d8
                                                                            • Opcode Fuzzy Hash: 68835d3d637170baee02205a080158226f970612b560f21b1431b430d3ad8d45
                                                                            • Instruction Fuzzy Hash: 9BA2AE70E0021ACBDF26DF58C8417AEB7B1BF54314F2585EAE815AB681DB74AD81CF90
                                                                            APIs
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00359A4E
                                                                            • GetSysColor.USER32(0000000F), ref: 00359B23
                                                                            • SetBkColor.GDI32(?,00000000), ref: 00359B36
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Color$LongProcWindow
                                                                            • String ID:
                                                                            • API String ID: 3131106179-0
                                                                            • Opcode ID: 4ae7cdbb753ec45eb70051ba7871ba5cc3fae90c762e6d1050c7502bf63e866e
                                                                            • Instruction ID: 645cdad24a686f6f07c11307feed941543de4d9574ddd0b8bf5d76e52357acb8
                                                                            • Opcode Fuzzy Hash: 4ae7cdbb753ec45eb70051ba7871ba5cc3fae90c762e6d1050c7502bf63e866e
                                                                            • Instruction Fuzzy Hash: 92A12DB1228544EEEB27AB3C9C48FBB365DDB42341F17411BF902CAAF1CA259D05C275
                                                                            APIs
                                                                              • Part of subcall function 003C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003C307A
                                                                              • Part of subcall function 003C304E: _wcslen.LIBCMT ref: 003C309B
                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 003C185D
                                                                            • WSAGetLastError.WSOCK32 ref: 003C1884
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 003C18DB
                                                                            • WSAGetLastError.WSOCK32 ref: 003C18E6
                                                                            • closesocket.WSOCK32(00000000), ref: 003C1915
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 1601658205-0
                                                                            • Opcode ID: 56cea04349c7aed289e2952775de3bcdb028de396513ffb065b7326161fc733a
                                                                            • Instruction ID: 87748379f6619c5c8e12d2a61eafa1e89c3100e86ae19d40100399dc0d13cfaa
                                                                            • Opcode Fuzzy Hash: 56cea04349c7aed289e2952775de3bcdb028de396513ffb065b7326161fc733a
                                                                            • Instruction Fuzzy Hash: B9519071A00210AFDB12AF24C886F2AB7E5AB45718F18849CF9069F393C771AD41DBA1
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                            • String ID:
                                                                            • API String ID: 292994002-0
                                                                            • Opcode ID: 3906121ca71fde13617936a0e3b5fb431e3a71c16b72bf721a5a10d6b611cc0d
                                                                            • Instruction ID: ea5effb3378c798d08d4e60837cc28b3c730b48072f2215ddcd5320627a38092
                                                                            • Opcode Fuzzy Hash: 3906121ca71fde13617936a0e3b5fb431e3a71c16b72bf721a5a10d6b611cc0d
                                                                            • Instruction Fuzzy Hash: 632129327612016FD7228F1AE844F267BE9EF85310F19805AE845CB351CB71EC42CB90
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 003A82AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: lstrlen
                                                                            • String ID: ($tb@$|
                                                                            • API String ID: 1659193697-3099576147
                                                                            • Opcode ID: 9dc01f16710acf0bdeb14ab6846d032535d18b7a1322705f8475a83d2ae89091
                                                                            • Instruction ID: 58fb556454e45cc18d657d9b1afd261a86ef3ebf331155861d324ea4bff8fb87
                                                                            • Opcode Fuzzy Hash: 9dc01f16710acf0bdeb14ab6846d032535d18b7a1322705f8475a83d2ae89091
                                                                            • Instruction Fuzzy Hash: 43323578A007059FCB29CF59C481A6AB7F0FF48710B15C56EE59ADB7A1EB70E981CB40
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 003AAAAC
                                                                            • SetKeyboardState.USER32(00000080), ref: 003AAAC8
                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 003AAB36
                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 003AAB88
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            • Opcode ID: 0d1658fd442e148631e93b6fc08dd82f83f975c2afeafa311e108bf8513fcff9
                                                                            • Instruction ID: bea9c980697d07e5c3cbc4a17e0f24b94bcef8424453dfa32af7740c17462c61
                                                                            • Opcode Fuzzy Hash: 0d1658fd442e148631e93b6fc08dd82f83f975c2afeafa311e108bf8513fcff9
                                                                            • Instruction Fuzzy Hash: 9B313932A50A08AEFF37CB64CC05BFA7BAAEB46310F04421BF181965D1D3758981D7B2
                                                                            APIs
                                                                            • _free.LIBCMT ref: 0037BB7F
                                                                              • Part of subcall function 003729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000), ref: 003729DE
                                                                              • Part of subcall function 003729C8: GetLastError.KERNEL32(00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000,00000000), ref: 003729F0
                                                                            • GetTimeZoneInformation.KERNEL32 ref: 0037BB91
                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,0041121C,000000FF,?,0000003F,?,?), ref: 0037BC09
                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,00411270,000000FF,?,0000003F,?,?,?,0041121C,000000FF,?,0000003F,?,?), ref: 0037BC36
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                            • String ID:
                                                                            • API String ID: 806657224-0
                                                                            • Opcode ID: 5c1dd9ef4785fcb7603088b279f22938a718f1c37dff195c041a03706de95938
                                                                            • Instruction ID: ddcf3f47a3579af5fce90d34dd0c2a0485c88560e9510ee2257a40ee094e29bf
                                                                            • Opcode Fuzzy Hash: 5c1dd9ef4785fcb7603088b279f22938a718f1c37dff195c041a03706de95938
                                                                            • Instruction Fuzzy Hash: 2931A170904206DFCB22DF69DC80AA9FBB8FF46310B15C2AAE559EB2B1D7349D41CB54
                                                                            APIs
                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 003BCE89
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 003BCEEA
                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 003BCEFE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                            • String ID:
                                                                            • API String ID: 234945975-0
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 003B5CC1
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 003B5D17
                                                                            • FindClose.KERNEL32(?), ref: 003B5D5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstNext
                                                                            • String ID:
                                                                            • API String ID: 3541575487-0
                                                                            APIs
                                                                            • IsDebuggerPresent.KERNEL32 ref: 0037271A
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00372724
                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00372731
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                            • String ID:
                                                                            • API String ID: 3906539128-0
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 003B51DA
                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003B5238
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 003B52A1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                            • String ID:
                                                                            • API String ID: 1682464887-0
                                                                            APIs
                                                                              • Part of subcall function 0035FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00360668
                                                                              • Part of subcall function 0035FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00360685
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003A170D
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003A173A
                                                                            • GetLastError.KERNEL32 ref: 003A174A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                            • String ID:
                                                                            • API String ID: 577356006-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003AD608
                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 003AD645
                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003AD650
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                            • String ID:
                                                                            • API String ID: 33631002-0
                                                                            APIs
                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 003A168C
                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 003A16A1
                                                                            • FreeSid.ADVAPI32(?), ref: 003A16B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                            • String ID:
                                                                            • API String ID: 3429775523-0
                                                                            APIs
                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0039D28C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID: X64
                                                                            • API String ID: 2645101109-893830106
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Variable is not of type 'Object'.$p#A
                                                                            • API String ID: 0-1342752299
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 003B6918
                                                                            • FindClose.KERNEL32(00000000), ref: 003B6961
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID:
                                                                            • API String ID: 2295610775-0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,003C4891,?,?,00000035,?), ref: 003B37E4
                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,003C4891,?,?,00000035,?), ref: 003B37F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ErrorFormatLastMessage
                                                                            • String ID:
                                                                            • API String ID: 3479602957-0
                                                                            APIs
                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 003AB25D
                                                                            • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 003AB270
                                                                            Similarity
                                                                            • API ID: InputSendkeybd_event
                                                                            APIs
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003A11FC), ref: 003A10D4
                                                                            • CloseHandle.KERNEL32(?,?,003A11FC), ref: 003A10E9
                                                                            Similarity
                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                            APIs
                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00376766,?,?,00000008,?,?,0037FEFE,00000000), ref: 00376998
                                                                            Similarity
                                                                            • API ID: ExceptionRaise
                                                                            APIs
                                                                            • BlockInput.USER32(00000001), ref: 003BEABD
                                                                            Similarity
                                                                            • API ID: BlockInput
                                                                            APIs
                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,003603EE), ref: 003609DA
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled
                                                                            • Opcode Fuzzy Hash: ddae849eb777657e5bf9408f3a5d747c3e6e3e8bca34bbc466cd94aebf18fb46
                                                                            • Instruction Fuzzy Hash: F8B12524D2AF804DD33396398875336B65CAFBB2C5F91D71BFC2679DA2EB2285834140
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                            • Instruction ID: 57eb32463a1699e3acf35fc67bb34364529e56e33c46156fc5eee5d6f3c567a5
                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                            • Instruction Fuzzy Hash: B89177725090E34ADB6F463E857403EFFE15A923A131F479ED4F2CA1C9EE20C964E620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                            • Instruction ID: 0b0888e58994096db51e4fb9711c1a9a0874b302ff307b877325d133decf6f50
                                                                            • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                            • Instruction Fuzzy Hash: D291467220D4A349DB6F473A857403FFFE15A923A131F879DD4F2CA5C9EE248564E620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                            • Instruction ID: b752282e17b37d35159b91e93ddd069eff6e538cc509079d94eaa8bdcb7ed636
                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                            • Instruction Fuzzy Hash: F19152722090E34ADB6F427A857403EFFE55A923A231F879DD4F2CB5C9FE14C564A620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b72eccf640bf66d8c414cff6bff9dd131304de2819213a6d68f7ab60dd22a499
                                                                            • Instruction ID: 37eb70aeed5921c5fe9d9884a6aab872a7647dc087f0849ec8da1e6c80ac39f6
                                                                            • Opcode Fuzzy Hash: b72eccf640bf66d8c414cff6bff9dd131304de2819213a6d68f7ab60dd22a499
                                                                            • Instruction Fuzzy Hash: BB61793120834956DA379AA8C8A5BBE2398DF4170CFE1CA19E843DF38DDA519E42C355
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 148f4e5b2bd3de8c6c2ba9c1445c652e16bae60d6760ef95262187ea97741bb2
                                                                            • Instruction ID: 31b8a0247ef97801a6584958675d999552e862de9670f8c9efa9053beb789a26
                                                                            • Opcode Fuzzy Hash: 148f4e5b2bd3de8c6c2ba9c1445c652e16bae60d6760ef95262187ea97741bb2
                                                                            • Instruction Fuzzy Hash: 0561AC3120870953DF3B9A288895BBF2388DF4274CFD1CD59E943DF68DEA129D468355
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction ID: e1d5a5bf63833172e72a2b6494997c2858de8700825246b48bd97f16b5bca11d
                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction Fuzzy Hash: A88163726090E30EDB6F863A853443EFFE15A923A131F879DD4F2CB5C9EE248554E660
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 003C2B30
                                                                            • DeleteObject.GDI32(00000000), ref: 003C2B43
                                                                            • DestroyWindow.USER32 ref: 003C2B52
                                                                            • GetDesktopWindow.USER32 ref: 003C2B6D
                                                                            • GetWindowRect.USER32(00000000), ref: 003C2B74
                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 003C2CA3
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 003C2CB1
                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2CF8
                                                                            • GetClientRect.USER32(00000000,?), ref: 003C2D04
                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003C2D40
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2D62
                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2D75
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2D80
                                                                            • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2D89
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2D98
                                                                            • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2DA1
                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2DA8
                                                                            • GlobalFree.KERNEL32(00000000), ref: 003C2DB3
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2DC5
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,003DFC38,00000000), ref: 003C2DDB
                                                                            • GlobalFree.KERNEL32(00000000), ref: 003C2DEB
                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 003C2E11
                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 003C2E30
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C2E52
                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003C303F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                            • API String ID: 2211948467-2373415609
                                                                            APIs
                                                                            • SetTextColor.GDI32(?,00000000), ref: 003D712F
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 003D7160
                                                                            • GetSysColor.USER32(0000000F), ref: 003D716C
                                                                            • SetBkColor.GDI32(?,000000FF), ref: 003D7186
                                                                            • SelectObject.GDI32(?,?), ref: 003D7195
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 003D71C0
                                                                            • GetSysColor.USER32(00000010), ref: 003D71C8
                                                                            • CreateSolidBrush.GDI32(00000000), ref: 003D71CF
                                                                            • FrameRect.USER32(?,?,00000000), ref: 003D71DE
                                                                            • DeleteObject.GDI32(00000000), ref: 003D71E5
                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 003D7230
                                                                            • FillRect.USER32(?,?,?), ref: 003D7262
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D7284
                                                                              • Part of subcall function 003D73E8: GetSysColor.USER32(00000012), ref: 003D7421
                                                                              • Part of subcall function 003D73E8: SetTextColor.GDI32(?,?), ref: 003D7425
                                                                              • Part of subcall function 003D73E8: GetSysColorBrush.USER32(0000000F), ref: 003D743B
                                                                              • Part of subcall function 003D73E8: GetSysColor.USER32(0000000F), ref: 003D7446
                                                                              • Part of subcall function 003D73E8: GetSysColor.USER32(00000011), ref: 003D7463
                                                                              • Part of subcall function 003D73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 003D7471
                                                                              • Part of subcall function 003D73E8: SelectObject.GDI32(?,00000000), ref: 003D7482
                                                                              • Part of subcall function 003D73E8: SetBkColor.GDI32(?,00000000), ref: 003D748B
                                                                              • Part of subcall function 003D73E8: SelectObject.GDI32(?,?), ref: 003D7498
                                                                              • Part of subcall function 003D73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 003D74B7
                                                                              • Part of subcall function 003D73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003D74CE
                                                                              • Part of subcall function 003D73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 003D74DB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                            • String ID:
                                                                            • API String ID: 4124339563-0
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?), ref: 00358E14
                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00396AC5
                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00396AFE
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00396F43
                                                                              • Part of subcall function 00358F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00358BE8,?,00000000,?,?,?,?,00358BBA,00000000,?), ref: 00358FC5
                                                                            • SendMessageW.USER32(?,00001053), ref: 00396F7F
                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00396F96
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00396FAC
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00396FB7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                            • String ID: 0
                                                                            • API String ID: 2760611726-4108050209
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000), ref: 003C273E
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 003C286A
                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 003C28A9
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 003C28B9
                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 003C2900
                                                                            • GetClientRect.USER32(00000000,?), ref: 003C290C
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 003C2955
                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 003C2964
                                                                            • GetStockObject.GDI32(00000011), ref: 003C2974
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 003C2978
                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 003C2988
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003C2991
                                                                            • DeleteDC.GDI32(00000000), ref: 003C299A
                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 003C29C6
                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 003C29DD
                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 003C2A1D
                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 003C2A31
                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 003C2A42
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 003C2A77
                                                                            • GetStockObject.GDI32(00000011), ref: 003C2A82
                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 003C2A8D
                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 003C2A97
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                            • API String ID: 2910397461-517079104
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 003B4AED
                                                                            • GetDriveTypeW.KERNEL32(?,003DCB68,?,\\.\,003DCC08), ref: 003B4BCA
                                                                            • SetErrorMode.KERNEL32(00000000,003DCB68,?,\\.\,003DCC08), ref: 003B4D36
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode$DriveType
                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                            • API String ID: 2907320926-4222207086
                                                                            APIs
                                                                            • GetSysColor.USER32(00000012), ref: 003D7421
                                                                            • SetTextColor.GDI32(?,?), ref: 003D7425
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 003D743B
                                                                            • GetSysColor.USER32(0000000F), ref: 003D7446
                                                                            • CreateSolidBrush.GDI32(?), ref: 003D744B
                                                                            • GetSysColor.USER32(00000011), ref: 003D7463
                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 003D7471
                                                                            • SelectObject.GDI32(?,00000000), ref: 003D7482
                                                                            • SetBkColor.GDI32(?,00000000), ref: 003D748B
                                                                            • SelectObject.GDI32(?,?), ref: 003D7498
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 003D74B7
                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003D74CE
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 003D74DB
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003D752A
                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 003D7554
                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 003D7572
                                                                            • DrawFocusRect.USER32(?,?), ref: 003D757D
                                                                            • GetSysColor.USER32(00000011), ref: 003D758E
                                                                            • SetTextColor.GDI32(?,00000000), ref: 003D7596
                                                                            • DrawTextW.USER32(?,003D70F5,000000FF,?,00000000), ref: 003D75A8
                                                                            • SelectObject.GDI32(?,?), ref: 003D75BF
                                                                            • DeleteObject.GDI32(?), ref: 003D75CA
                                                                            • SelectObject.GDI32(?,?), ref: 003D75D0
                                                                            • DeleteObject.GDI32(?), ref: 003D75D5
                                                                            • SetTextColor.GDI32(?,?), ref: 003D75DB
                                                                            • SetBkColor.GDI32(?,?), ref: 003D75E5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                            • String ID:
                                                                            • API String ID: 1996641542-0
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 003D1128
                                                                            • GetDesktopWindow.USER32 ref: 003D113D
                                                                            • GetWindowRect.USER32(00000000), ref: 003D1144
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D1199
                                                                            • DestroyWindow.USER32(?), ref: 003D11B9
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 003D11ED
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003D120B
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003D121D
                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 003D1232
                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 003D1245
                                                                            • IsWindowVisible.USER32(00000000), ref: 003D12A1
                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 003D12BC
                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 003D12D0
                                                                            • GetWindowRect.USER32(00000000,?), ref: 003D12E8
                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 003D130E
                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 003D1328
                                                                            • CopyRect.USER32(?,?), ref: 003D133F
                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 003D13AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                            • String ID: ($0$tooltips_class32
                                                                            • API String ID: 698492251-4156429822
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00358968
                                                                            • GetSystemMetrics.USER32(00000007), ref: 00358970
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0035899B
                                                                            • GetSystemMetrics.USER32(00000008), ref: 003589A3
                                                                            • GetSystemMetrics.USER32(00000004), ref: 003589C8
                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 003589E5
                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 003589F5
                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00358A28
                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00358A3C
                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00358A5A
                                                                            • GetStockObject.GDI32(00000011), ref: 00358A76
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00358A81
                                                                              • Part of subcall function 0035912D: GetCursorPos.USER32(?), ref: 00359141
                                                                              • Part of subcall function 0035912D: ScreenToClient.USER32(00000000,?), ref: 0035915E
                                                                              • Part of subcall function 0035912D: GetAsyncKeyState.USER32(00000001), ref: 00359183
                                                                              • Part of subcall function 0035912D: GetAsyncKeyState.USER32(00000002), ref: 0035919D
                                                                            • SetTimer.USER32(00000000,00000000,00000028,003590FC), ref: 00358AA8
                                                                            Strings
                                                                            • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 003589BE
                                                                            • AutoIt v3 GUI, xrefs: 00358A20
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                            • String ID: AutoIt v3 GUI$_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
                                                                            • API String ID: 1458621304-3716850183
                                                                            APIs
                                                                              • Part of subcall function 003A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003A1114
                                                                              • Part of subcall function 003A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A1120
                                                                              • Part of subcall function 003A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A112F
                                                                              • Part of subcall function 003A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A1136
                                                                              • Part of subcall function 003A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003A114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003A0DF5
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003A0E29
                                                                            • GetLengthSid.ADVAPI32(?), ref: 003A0E40
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 003A0E7A
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003A0E96
                                                                            • GetLengthSid.ADVAPI32(?), ref: 003A0EAD
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 003A0EB5
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 003A0EBC
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003A0EDD
                                                                            • CopySid.ADVAPI32(00000000), ref: 003A0EE4
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003A0F13
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003A0F35
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 003A0F47
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003A0F6E
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0F75
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003A0F7E
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0F85
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003A0F8E
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0F95
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 003A0FA1
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A0FA8
                                                                              • Part of subcall function 003A1193: GetProcessHeap.KERNEL32(00000008,003A0BB1,?,00000000,?,003A0BB1,?), ref: 003A11A1
                                                                              • Part of subcall function 003A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,003A0BB1,?), ref: 003A11A8
                                                                              • Part of subcall function 003A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,003A0BB1,?), ref: 003A11B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            • Opcode ID: 071b314d8bfba31d9ab6e5be66e1055e640f6e92fa099595aca01cb880bfb368
                                                                            • Instruction ID: 43f9607d3052a0b68894f857e91b7ed50ec05d5f2869f8f7790e24928d830d76
                                                                            • Opcode Fuzzy Hash: 071b314d8bfba31d9ab6e5be66e1055e640f6e92fa099595aca01cb880bfb368
                                                                            • Instruction Fuzzy Hash: 11715A7291121AEFDF269FA4EC44FAEBBBCFF06301F058116E919B6191D731A905CB60
                                                                            APIs
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003CC4BD
                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,003DCC08,00000000,?,00000000,?,?), ref: 003CC544
                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 003CC5A4
                                                                            • _wcslen.LIBCMT ref: 003CC5F4
                                                                            • _wcslen.LIBCMT ref: 003CC66F
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 003CC6B2
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 003CC7C1
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 003CC84D
                                                                            • RegCloseKey.ADVAPI32(?), ref: 003CC881
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 003CC88E
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 003CC960
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                            • API String ID: 9721498-966354055
                                                                            • Opcode ID: f11683e92afbb8fd8e8fd88623754918dbbf5c3470b91dd0cceff1c44c3afa4d
                                                                            • Instruction ID: b4e04a646fff60e98a5f97dbbb2d7f6ae5d0e210873c5a945fa6e396944d272e
                                                                            • Opcode Fuzzy Hash: f11683e92afbb8fd8e8fd88623754918dbbf5c3470b91dd0cceff1c44c3afa4d
                                                                            • Instruction Fuzzy Hash: B81231356142119FCB16DF24C881E2AB7E5EF89714F05889DF88A9F2A2DB31FC41CB81
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 003D09C6
                                                                            • _wcslen.LIBCMT ref: 003D0A01
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003D0A54
                                                                            • _wcslen.LIBCMT ref: 003D0A8A
                                                                            • _wcslen.LIBCMT ref: 003D0B06
                                                                            • _wcslen.LIBCMT ref: 003D0B81
                                                                              • Part of subcall function 0035F9F2: _wcslen.LIBCMT ref: 0035F9FD
                                                                              • Part of subcall function 003A2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003A2BFA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                            • API String ID: 1103490817-4258414348
                                                                            • Opcode ID: 3225e74da3958fa16d4ea5aaf40e4163f7d2aa8bc7bea984644137a9fa4d0451
                                                                            • Instruction ID: 029c476de8606bbdb3bff5913f8b49f219eb1f2912a21d9bee08cdb380b68070
                                                                            • Opcode Fuzzy Hash: 3225e74da3958fa16d4ea5aaf40e4163f7d2aa8bc7bea984644137a9fa4d0451
                                                                            • Instruction Fuzzy Hash: C9E1AE326087018FC71ADF24C450A2AB7E2FF99714F11895EF8966B3A2D730ED45CB81
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                            • API String ID: 1256254125-909552448
                                                                            • Opcode ID: 123b4d11ad5d886af76045ae007ccead283ce73bde8a117a06651d0bd5a25007
                                                                            • Instruction ID: 94afc21fe0325ebd28bf76c19fca5aec6937909683a6f71d515446b6e3f153ab
                                                                            • Opcode Fuzzy Hash: 123b4d11ad5d886af76045ae007ccead283ce73bde8a117a06651d0bd5a25007
                                                                            • Instruction Fuzzy Hash: 20710632A2052A8BCB12DE7CC841FBA3395AB60750B12552DFC5EEB284E735ED45C3A1
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 003D835A
                                                                            • _wcslen.LIBCMT ref: 003D836E
                                                                            • _wcslen.LIBCMT ref: 003D8391
                                                                            • _wcslen.LIBCMT ref: 003D83B4
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 003D83F2
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,003D361A,?), ref: 003D844E
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003D8487
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 003D84CA
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003D8501
                                                                            • FreeLibrary.KERNEL32(?), ref: 003D850D
                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 003D851D
                                                                            • DestroyIcon.USER32(?), ref: 003D852C
                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 003D8549
                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 003D8555
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                            • String ID: .dll$.exe$.icl
                                                                            • API String ID: 799131459-1154884017
                                                                            • Opcode ID: 05d7750764bde5147dc4789b44044ff854b100339ec10dd0410cbd408b3c13de
                                                                            • Instruction ID: e51b430375d8cb8336610ed13f003911f1d57db600c5648605416e4f892b12e1
                                                                            • Opcode Fuzzy Hash: 05d7750764bde5147dc4789b44044ff854b100339ec10dd0410cbd408b3c13de
                                                                            • Instruction Fuzzy Hash: 3061F072910216BAEB16CF65EC41BBF77ACFB05B10F10460AF815DA2D1DB74AA90C7A0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                            • API String ID: 0-1645009161
                                                                            • Opcode ID: 7a11d132432c24d25f300abbc0763526c5239e423d61c03eb40e7216fe69cce3
                                                                            • Instruction ID: 665323f235545165bf8f74c3617836527b7bc3409e5f19dfe0823d13a89b461e
                                                                            • Opcode Fuzzy Hash: 7a11d132432c24d25f300abbc0763526c5239e423d61c03eb40e7216fe69cce3
                                                                            • Instruction Fuzzy Hash: 5F81F371A44205ABDB23AF60DC42FBE7BE8EF15300F018465F805AF296EB71EA15C791
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(?,?), ref: 003B3EF8
                                                                            • _wcslen.LIBCMT ref: 003B3F03
                                                                            • _wcslen.LIBCMT ref: 003B3F5A
                                                                            • _wcslen.LIBCMT ref: 003B3F98
                                                                            • GetDriveTypeW.KERNEL32(?), ref: 003B3FD6
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003B401E
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003B4059
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003B4087
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                            • API String ID: 1839972693-4113822522
                                                                            • Opcode ID: 4306c1ef4dae0a4b29ef203fcf57cccf8875359b4f024cb98054127ea7f99c9a
                                                                            • Instruction ID: dc4145588efb2aafac7b0031b64fca78b1b93f9667ca4d753ee97af449969ef2
                                                                            • Opcode Fuzzy Hash: 4306c1ef4dae0a4b29ef203fcf57cccf8875359b4f024cb98054127ea7f99c9a
                                                                            • Instruction Fuzzy Hash: 07710432A042119FC311EF24C8819BBB7F4EF94758F11492DFA969B691EB30ED45CB51
                                                                            APIs
                                                                            • LoadIconW.USER32(00000063), ref: 003A5A2E
                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 003A5A40
                                                                            • SetWindowTextW.USER32(?,?), ref: 003A5A57
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 003A5A6C
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 003A5A72
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 003A5A82
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 003A5A88
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 003A5AA9
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 003A5AC3
                                                                            • GetWindowRect.USER32(?,?), ref: 003A5ACC
                                                                            • _wcslen.LIBCMT ref: 003A5B33
                                                                            • SetWindowTextW.USER32(?,?), ref: 003A5B6F
                                                                            • GetDesktopWindow.USER32 ref: 003A5B75
                                                                            • GetWindowRect.USER32(00000000), ref: 003A5B7C
                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 003A5BD3
                                                                            • GetClientRect.USER32(?,?), ref: 003A5BE0
                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 003A5C05
                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 003A5C2F
                                                                            Similarity
                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                            • String ID:
                                                                            • API String ID: 895679908-0
                                                                            • Opcode ID: 670ce6d48b91943bbd9e30d1af8d342281826c5965698f163958a280b94d5e2c
                                                                            • Instruction ID: 5cb301e31d7d1fdf03e318a4c26afd119780b5173c3bd8d74567d0c6eded9837
                                                                            • Opcode Fuzzy Hash: 670ce6d48b91943bbd9e30d1af8d342281826c5965698f163958a280b94d5e2c
                                                                            • Instruction Fuzzy Hash: B8718031A00B05EFDB22DFA8CD85AAEBBF9FF48705F104519E142A75A0D774E944CB60
                                                                            APIs
                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 003BFE27
                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 003BFE32
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 003BFE3D
                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 003BFE48
                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 003BFE53
                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 003BFE5E
                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 003BFE69
                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 003BFE74
                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 003BFE7F
                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 003BFE8A
                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 003BFE95
                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 003BFEA0
                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 003BFEAB
                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 003BFEB6
                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 003BFEC1
                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 003BFECC
                                                                            • GetCursorInfo.USER32(?), ref: 003BFEDC
                                                                            • GetLastError.KERNEL32 ref: 003BFF1E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                            • String ID:
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[@
                                                                            APIs
                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 003600C6
                                                                              • Part of subcall function 003600ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0041070C,00000FA0,A5A3735A,?,?,?,?,003823B3,000000FF), ref: 0036011C
                                                                              • Part of subcall function 003600ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,003823B3,000000FF), ref: 00360127
                                                                              • Part of subcall function 003600ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,003823B3,000000FF), ref: 00360138
                                                                              • Part of subcall function 003600ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0036014E
                                                                              • Part of subcall function 003600ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0036015C
                                                                              • Part of subcall function 003600ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0036016A
                                                                              • Part of subcall function 003600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00360195
                                                                              • Part of subcall function 003600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 003601A0
                                                                            • ___scrt_fastfail.LIBCMT ref: 003600E7
                                                                              • Part of subcall function 003600A3: __onexit.LIBCMT ref: 003600A9
                                                                            Strings
                                                                            • InitializeConditionVariable, xrefs: 00360148
                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00360122
                                                                            • kernel32.dll, xrefs: 00360133
                                                                            • SleepConditionVariableCS, xrefs: 00360154
                                                                            • WakeAllConditionVariable, xrefs: 00360162
                                                                            Similarity
                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(00000000,00000000,003DCC08), ref: 003B4527
                                                                            • _wcslen.LIBCMT ref: 003B453B
                                                                            • _wcslen.LIBCMT ref: 003B4599
                                                                            • _wcslen.LIBCMT ref: 003B45F4
                                                                            • _wcslen.LIBCMT ref: 003B463F
                                                                            • _wcslen.LIBCMT ref: 003B46A7
                                                                              • Part of subcall function 0035F9F2: _wcslen.LIBCMT ref: 0035F9FD
                                                                            • GetDriveTypeW.KERNEL32(?,00406BF0,00000061), ref: 003B4743
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                            APIs
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            • DragQueryPoint.SHELL32(?,?), ref: 003D9147
                                                                              • Part of subcall function 003D7674: ClientToScreen.USER32(?,?), ref: 003D769A
                                                                              • Part of subcall function 003D7674: GetWindowRect.USER32(?,?), ref: 003D7710
                                                                              • Part of subcall function 003D7674: PtInRect.USER32(?,?,003D8B89), ref: 003D7720
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 003D91B0
                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 003D91BB
                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 003D91DE
                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 003D9225
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 003D923E
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 003D9255
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 003D9277
                                                                            • DragFinish.SHELL32(?), ref: 003D927E
                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 003D9371
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#A
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 003CB198
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003CB1B0
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003CB1D4
                                                                            • _wcslen.LIBCMT ref: 003CB200
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003CB214
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003CB236
                                                                            • _wcslen.LIBCMT ref: 003CB332
                                                                              • Part of subcall function 003B05A7: GetStdHandle.KERNEL32(000000F6), ref: 003B05C6
                                                                            • _wcslen.LIBCMT ref: 003CB34B
                                                                            • _wcslen.LIBCMT ref: 003CB366
                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003CB3B6
                                                                            • GetLastError.KERNEL32(00000000), ref: 003CB407
                                                                            • CloseHandle.KERNEL32(?), ref: 003CB439
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003CB44A
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003CB45C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003CB46E
                                                                            • CloseHandle.KERNEL32(?), ref: 003CB4E3
                                                                            Similarity
                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                            • String ID:
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,003DCC08), ref: 003C40BB
                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 003C40CD
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,003DCC08), ref: 003C40F2
                                                                            • FreeLibrary.KERNEL32(00000000,?,003DCC08), ref: 003C413E
                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,003DCC08), ref: 003C41A8
                                                                            • SysFreeString.OLEAUT32(00000009), ref: 003C4262
                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 003C42C8
                                                                            • SysFreeString.OLEAUT32(?), ref: 003C42F2
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                            APIs
                                                                            • GetMenuItemCount.USER32(00411990), ref: 00382F8D
                                                                            • GetMenuItemCount.USER32(00411990), ref: 0038303D
                                                                            • GetCursorPos.USER32(?), ref: 00383081
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0038308A
                                                                            • TrackPopupMenuEx.USER32(00411990,00000000,?,00000000,00000000,00000000), ref: 0038309D
                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 003830A9
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                            • String ID: 0
                                                                            • API String ID: 36266755-4108050209
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,?), ref: 003D6DEB
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 003D6E5F
                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 003D6E81
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003D6E94
                                                                            • DestroyWindow.USER32(?), ref: 003D6EB5
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00340000,00000000), ref: 003D6EE4
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003D6EFD
                                                                            • GetDesktopWindow.USER32 ref: 003D6F16
                                                                            • GetWindowRect.USER32(00000000), ref: 003D6F1D
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003D6F35
                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 003D6F4D
                                                                              • Part of subcall function 00359944: GetWindowLongW.USER32(?,000000EB), ref: 00359952
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                            • String ID: 0$tooltips_class32
                                                                            • API String ID: 2429346358-3619404913
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003BC4B0
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003BC4C3
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003BC4D7
                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 003BC4F0
                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 003BC533
                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 003BC549
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003BC554
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003BC584
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003BC5DC
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003BC5F0
                                                                            • InternetCloseHandle.WININET(00000000), ref: 003BC5FB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                            • String ID:
                                                                            • API String ID: 3800310941-3916222277
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 003D8592
                                                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 003D85A2
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000), ref: 003D85AD
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003D85BA
                                                                            • GlobalLock.KERNEL32(00000000), ref: 003D85C8
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 003D85D7
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 003D85E0
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003D85E7
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 003D85F8
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,003DFC38,?), ref: 003D8611
                                                                            • GlobalFree.KERNEL32(00000000), ref: 003D8621
                                                                            • GetObjectW.GDI32(?,00000018,000000FF), ref: 003D8641
                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 003D8671
                                                                            • DeleteObject.GDI32(00000000), ref: 003D8699
                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 003D86AF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                            • String ID:
                                                                            • API String ID: 3840717409-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000000), ref: 003B1502
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 003B150B
                                                                            • VariantClear.OLEAUT32(?), ref: 003B1517
                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 003B15FB
                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 003B1657
                                                                            • VariantInit.OLEAUT32(?), ref: 003B1708
                                                                            • SysFreeString.OLEAUT32(?), ref: 003B178C
                                                                            • VariantClear.OLEAUT32(?), ref: 003B17D8
                                                                            • VariantClear.OLEAUT32(?), ref: 003B17E7
                                                                            • VariantInit.OLEAUT32(00000000), ref: 003B1823
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                            • API String ID: 1234038744-3931177956
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003CB6AE,?,?), ref: 003CC9B5
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CC9F1
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA68
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003CB6F4
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003CB772
                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 003CB80A
                                                                            • RegCloseKey.ADVAPI32(?), ref: 003CB87E
                                                                            • RegCloseKey.ADVAPI32(?), ref: 003CB89C
                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 003CB8F2
                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003CB904
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 003CB922
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 003CB983
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 003CB994
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 146587525-4033151799
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 003C25D8
                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 003C25E8
                                                                            • CreateCompatibleDC.GDI32(?), ref: 003C25F4
                                                                            • SelectObject.GDI32(00000000,?), ref: 003C2601
                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 003C266D
                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 003C26AC
                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 003C26D0
                                                                            • SelectObject.GDI32(?,?), ref: 003C26D8
                                                                            • DeleteObject.GDI32(?), ref: 003C26E1
                                                                            • DeleteDC.GDI32(?), ref: 003C26E8
                                                                            • ReleaseDC.USER32(00000000,?), ref: 003C26F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                            • String ID: (
                                                                            • API String ID: 2598888154-3887548279
                                                                            APIs
                                                                            • ___free_lconv_mon.LIBCMT ref: 0037DAA1
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D659
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D66B
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D67D
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D68F
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D6A1
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D6B3
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D6C5
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D6D7
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D6E9
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D6FB
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D70D
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D71F
                                                                              • Part of subcall function 0037D63C: _free.LIBCMT ref: 0037D731
                                                                            • _free.LIBCMT ref: 0037DA96
                                                                              • Part of subcall function 003729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000), ref: 003729DE
                                                                              • Part of subcall function 003729C8: GetLastError.KERNEL32(00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000,00000000), ref: 003729F0
                                                                            • _free.LIBCMT ref: 0037DAB8
                                                                            • _free.LIBCMT ref: 0037DACD
                                                                            • _free.LIBCMT ref: 0037DAD8
                                                                            • _free.LIBCMT ref: 0037DAFA
                                                                            • _free.LIBCMT ref: 0037DB0D
                                                                            • _free.LIBCMT ref: 0037DB1B
                                                                            • _free.LIBCMT ref: 0037DB26
                                                                            • _free.LIBCMT ref: 0037DB5E
                                                                            • _free.LIBCMT ref: 0037DB65
                                                                            • _free.LIBCMT ref: 0037DB82
                                                                            • _free.LIBCMT ref: 0037DB9A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                             • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                            • String ID:
                                                                            • API String ID: 161543041-0
                                                                            • Opcode ID: ab89f8259e8f2d389a1d62899778a093b5529bcddbb4675a81c7c49a2ba1612c
                                                                            • Instruction ID: 382551ffdb663e32fbbc7cc168c7e637101ff979fd8391dc0af136dbfd39f3f3
                                                                            • Opcode Fuzzy Hash: ab89f8259e8f2d389a1d62899778a093b5529bcddbb4675a81c7c49a2ba1612c
                                                                            • Instruction Fuzzy Hash: 0B314A316042059FEB33AA39E845B5BB7F9FF02310F16C429E54DDB195DB39AC908B64
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 003A369C
                                                                            • _wcslen.LIBCMT ref: 003A36A7
                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 003A3797
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 003A380C
                                                                            • GetDlgCtrlID.USER32(?), ref: 003A385D
                                                                            • GetWindowRect.USER32(?,?), ref: 003A3882
                                                                            • GetParent.USER32(?), ref: 003A38A0
                                                                            • ScreenToClient.USER32(00000000), ref: 003A38A7
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 003A3921
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 003A395D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                            • String ID: %s%u
                                                                            • API String ID: 4010501982-679674701
                                                                            • Opcode ID: b9fe040965e92ac47a76800380df2088e9a751fbe5634ac1cba5b91e188d069e
                                                                            • Instruction ID: 8c53c8bd4b19e760e4727ef4040c717ec12a3409bbc39982e43d982e26bbdcc2
                                                                            • Opcode Fuzzy Hash: b9fe040965e92ac47a76800380df2088e9a751fbe5634ac1cba5b91e188d069e
                                                                            • Instruction Fuzzy Hash: F091C171204606AFD71ADF24C885FEAF7A8FF45350F00862DF999D6190DB34EA49CB91
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 003A4994
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 003A49DA
                                                                            • _wcslen.LIBCMT ref: 003A49EB
                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 003A49F7
                                                                            • _wcsstr.LIBVCRUNTIME ref: 003A4A2C
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 003A4A64
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 003A4A9D
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 003A4AE6
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 003A4B20
                                                                            • GetWindowRect.USER32(?,?), ref: 003A4B8B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                            • String ID: ThumbnailClass
                                                                            • API String ID: 1311036022-1241985126
                                                                            • Opcode ID: 23235efd9470e58d34cd107a9220c8fb63526df1c553ae1186133db849914add
                                                                            • Instruction ID: 4ea0d9d08ef1ec1dffce65bbbc2313ee9ebb49e2e887759b11737d925d5b8434
                                                                            • Opcode Fuzzy Hash: 23235efd9470e58d34cd107a9220c8fb63526df1c553ae1186133db849914add
                                                                            • Instruction Fuzzy Hash: 1291E1710082069FDB06CF14D981FAA77E8FFC6314F04846AFD859A196EB70ED45CBA1
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00411990,000000FF,00000000,00000030), ref: 003ABFAC
                                                                            • SetMenuItemInfoW.USER32(00411990,00000004,00000000,00000030), ref: 003ABFE1
                                                                            • Sleep.KERNEL32(000001F4), ref: 003ABFF3
                                                                            • GetMenuItemCount.USER32(?), ref: 003AC039
                                                                            • GetMenuItemID.USER32(?,00000000), ref: 003AC056
                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 003AC082
                                                                            • GetMenuItemID.USER32(?,?), ref: 003AC0C9
                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 003AC10F
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003AC124
                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003AC145
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                            • String ID: 0
                                                                            • API String ID: 1460738036-4108050209
                                                                            • Opcode ID: 17f79602cea6b798d89e8ee382004ef35005ff09ad8e5d8aa9f0922bc04cee9f
                                                                            • Instruction ID: 03a33deebd88998fe459de1a9f2121f4a0d1d10a1e907b99d66782216a9fd4bf
                                                                            • Opcode Fuzzy Hash: 17f79602cea6b798d89e8ee382004ef35005ff09ad8e5d8aa9f0922bc04cee9f
                                                                            • Instruction Fuzzy Hash: D3619EB0A2024AAFDF12CF64DD88AEEBBB9EB07344F045155F911A7292D735ED04CB60
                                                                            APIs
                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003CCC64
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 003CCC8D
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003CCD48
                                                                              • Part of subcall function 003CCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 003CCCAA
                                                                              • Part of subcall function 003CCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 003CCCBD
                                                                              • Part of subcall function 003CCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003CCCCF
                                                                              • Part of subcall function 003CCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003CCD05
                                                                              • Part of subcall function 003CCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003CCD28
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 003CCCF3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 2734957052-4033151799
                                                                            • Opcode ID: 8d911ba9478a7af813cea99cbac0d4c35b9040d7acdbcd8f3e0dbd08c1d8c0e2
                                                                            • Instruction ID: 193942282d0389ad8e563f9319946f67592e61f6a4406b7cc4aa64867f9c1cb4
                                                                            • Opcode Fuzzy Hash: 8d911ba9478a7af813cea99cbac0d4c35b9040d7acdbcd8f3e0dbd08c1d8c0e2
                                                                            • Instruction Fuzzy Hash: A4318471921129BBDB229B50DC88EFFBB7CEF15740F015169E90AE2140DB349E45DBA0
                                                                            APIs
                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 003B3D40
                                                                            • _wcslen.LIBCMT ref: 003B3D6D
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 003B3D9D
                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 003B3DBE
                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 003B3DCE
                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 003B3E55
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003B3E60
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003B3E6B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                            • String ID: :$\$\??\%s
                                                                            • API String ID: 1149970189-3457252023
                                                                            • Opcode ID: 42253dc73f6dac6cab827bdf3b0f9e87260be1ab15009fdd7e4be87273913cc3
                                                                            • Instruction ID: 2b04d3cd469676cd90561690691b06f25b611cdcc5e3cd08b96ae3eb5d0d7925
                                                                            • Opcode Fuzzy Hash: 42253dc73f6dac6cab827bdf3b0f9e87260be1ab15009fdd7e4be87273913cc3
                                                                            • Instruction Fuzzy Hash: B331D47595021AABDB229BA0DC48FEF37BCEF88704F1141BAF605D6060EB749744CB24
                                                                            APIs
                                                                            • timeGetTime.WINMM ref: 003AE6B4
                                                                              • Part of subcall function 0035E551: timeGetTime.WINMM(?,?,003AE6D4), ref: 0035E555
                                                                            • Sleep.KERNEL32(0000000A), ref: 003AE6E1
                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 003AE705
                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 003AE727
                                                                            • SetActiveWindow.USER32 ref: 003AE746
                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 003AE754
                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 003AE773
                                                                            • Sleep.KERNEL32(000000FA), ref: 003AE77E
                                                                            • IsWindow.USER32 ref: 003AE78A
                                                                            • EndDialog.USER32(00000000), ref: 003AE79B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                            • String ID: BUTTON
                                                                            • API String ID: 1194449130-3405671355
                                                                            • Opcode ID: bd65b34a60b67dc5b5068f51cb5bfbbef2285cfa47db8dd3b9d25930f91be503
                                                                            • Instruction ID: 486300457970e6aab22e58818e87f8849d98a7f30de8cbecb9d7d3aed7bd6c0a
                                                                            • Opcode Fuzzy Hash: bd65b34a60b67dc5b5068f51cb5bfbbef2285cfa47db8dd3b9d25930f91be503
                                                                            • Instruction Fuzzy Hash: 11216FB0220206AFEB035F60FD89B657B6DF796349F145436F911D25B1DBB2AC10CA28
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 003AEA5D
                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 003AEA73
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003AEA84
                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 003AEA96
                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 003AEAA7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: SendString$_wcslen
                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                            • API String ID: 2420728520-1007645807
                                                                            • Opcode ID: c4715b1d287a2182088b441aa64b1abe4eba0834848e9f83c0e83cabf39f010c
                                                                            • Instruction ID: 0934c1b866571409cdd61a1a63e94584b5382730ed1662e1dd3f78be79fd1f03
                                                                            • Opcode Fuzzy Hash: c4715b1d287a2182088b441aa64b1abe4eba0834848e9f83c0e83cabf39f010c
                                                                            • Instruction Fuzzy Hash: 6A117371A902597DE721A7A5DC4AFFF6ABCEBD2B00F11043A7802AB0D1EE701D15C5B0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 003AA012
                                                                            • SetKeyboardState.USER32(?), ref: 003AA07D
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 003AA09D
                                                                            • GetKeyState.USER32(000000A0), ref: 003AA0B4
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 003AA0E3
                                                                            • GetKeyState.USER32(000000A1), ref: 003AA0F4
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 003AA120
                                                                            • GetKeyState.USER32(00000011), ref: 003AA12E
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 003AA157
                                                                            • GetKeyState.USER32(00000012), ref: 003AA165
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 003AA18E
                                                                            • GetKeyState.USER32(0000005B), ref: 003AA19C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            • API String ID: 541375521-0
                                                                            • Opcode ID: de602bfded62f82f58ac2aa64a6f5029386ec7ba70a41e6f86b7220006371205
                                                                            • Instruction ID: 9c6903297d3399bf00a4737fc47896a82dc09354289a8d1f7cf657e39e08573d
                                                                            • Opcode Fuzzy Hash: de602bfded62f82f58ac2aa64a6f5029386ec7ba70a41e6f86b7220006371205
                                                                            • Instruction Fuzzy Hash: 53518831904B882DFB37DB6088157EABFB5DF13380F09859AD5C25B5C2DB54AA4CC762
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000001), ref: 003A5CE2
                                                                            • GetWindowRect.USER32(00000000,?), ref: 003A5CFB
                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 003A5D59
                                                                            • GetDlgItem.USER32(?,00000002), ref: 003A5D69
                                                                            • GetWindowRect.USER32(00000000,?), ref: 003A5D7B
                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 003A5DCF
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 003A5DDD
                                                                            • GetWindowRect.USER32(00000000,?), ref: 003A5DEF
                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 003A5E31
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 003A5E44
                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 003A5E5A
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 003A5E67
                                                                            Similarity
                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                            • String ID:
                                                                            • API String ID: 3096461208-0
                                                                            • Opcode ID: 08926c8266a664389bcda962fe78c8a35ba8d569aa8353d6694dd3f426887881
                                                                            • Instruction ID: 86e8f78e4a7384e3106bbbbe331dda87efe91a6415aee3e8ec12abc3dd0d62aa
                                                                            • Opcode Fuzzy Hash: 08926c8266a664389bcda962fe78c8a35ba8d569aa8353d6694dd3f426887881
                                                                            • Instruction Fuzzy Hash: 06512DB1B11606AFDF19CF68DD89AAEBBB9FB49300F148129F515E6290D770DE00CB50
                                                                            APIs
                                                                              • Part of subcall function 00358F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00358BE8,?,00000000,?,?,?,?,00358BBA,00000000,?), ref: 00358FC5
                                                                            • DestroyWindow.USER32(?), ref: 00358C81
                                                                            • KillTimer.USER32(00000000,?,?,?,?,00358BBA,00000000,?), ref: 00358D1B
                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00396973
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00358BBA,00000000,?), ref: 003969A1
                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00358BBA,00000000,?), ref: 003969B8
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00358BBA,00000000), ref: 003969D4
                                                                            • DeleteObject.GDI32(00000000), ref: 003969E6
                                                                            Similarity
                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 641708696-0
                                                                            • Opcode ID: 4bb1710c39d9b5b466c1cc0889a78387d56f4f00bda0a8f8bb1003a7805f0cab
                                                                            • Instruction ID: 58cf913d78654e7e264679e7154ec9bcfa084e923c2051fe6f75d6d1fe56cec7
                                                                            • Opcode Fuzzy Hash: 4bb1710c39d9b5b466c1cc0889a78387d56f4f00bda0a8f8bb1003a7805f0cab
                                                                            • Instruction Fuzzy Hash: BC619D71523601DFCF239F24D949B69B7F5FB40312F159529E942AA970CB31AC84CF94
                                                                            APIs
                                                                              • Part of subcall function 00359944: GetWindowLongW.USER32(?,000000EB), ref: 00359952
                                                                            • GetSysColor.USER32(0000000F), ref: 00359862
                                                                            Similarity
                                                                            • API ID: ColorLongWindow
                                                                            • String ID:
                                                                            • API String ID: 259745315-0
                                                                            • Opcode ID: 2834a52222d63e187d544651d2c8126bf4ac58e330dd7540460b70cc22fdf004
                                                                            • Instruction ID: b97112706f0aff32f6cf331fb9a3ce78e96bcb482449d095d9a6387026614a0a
                                                                            • Opcode Fuzzy Hash: 2834a52222d63e187d544651d2c8126bf4ac58e330dd7540460b70cc22fdf004
                                                                            • Instruction Fuzzy Hash: 0541A031115611DFDF225F38AC88FB93BA9AB06332F165616F9A28B2F1D7319C46DB10
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .6
                                                                            • API String ID: 0-1713163095
                                                                            • Opcode ID: e8bd6839488a77d70fcbd00b1c350f4330fe01751d400bbeda377ed0e3a666e9
                                                                            • Instruction ID: 4c92c4a1e631a2c6951fc74c2e0eea320d4466705a225cc45a9651aaf332f97a
                                                                            • Opcode Fuzzy Hash: e8bd6839488a77d70fcbd00b1c350f4330fe01751d400bbeda377ed0e3a666e9
                                                                            • Instruction Fuzzy Hash: 78C1D774E042499FDB23DFA8D885BEDBBB4AF0A310F05C156E518AB392C7789941CF61
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0038F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 003A9717
                                                                            • LoadStringW.USER32(00000000,?,0038F7F8,00000001), ref: 003A9720
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0038F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 003A9742
                                                                            • LoadStringW.USER32(00000000,?,0038F7F8,00000001), ref: 003A9745
                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 003A9866
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                            • API String ID: 747408836-2268648507
                                                                            • Opcode ID: 2b605bfea90f33e8a0e0aa2c2be1e41e48f69d419af1a80240f4e272dac37192
                                                                            • Instruction ID: 91aad9551fb64cad29ee63f2371974863f87d5bf7fcef57c1477e3fca9931706
                                                                            • Opcode Fuzzy Hash: 2b605bfea90f33e8a0e0aa2c2be1e41e48f69d419af1a80240f4e272dac37192
                                                                            • Instruction Fuzzy Hash: 97412F72900219AADB06EFE0DD86EEE77BCEF15340F500166B5057B092EB356F48CB61
                                                                            APIs
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 003A07A2
                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 003A07BE
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 003A07DA
                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 003A0804
                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 003A082C
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003A0837
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 003A083C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                            • API String ID: 323675364-22481851
                                                                            • Opcode ID: 0a727d97f90dce2c2c6589bb24a8b24990b6db04648db1ff8238809c2b5fddc1
                                                                            • Instruction ID: 82e04da1204d27c4c45b83e73ec64684834a70a37f10a0c8fc36259fd8865237
                                                                            • Opcode Fuzzy Hash: 0a727d97f90dce2c2c6589bb24a8b24990b6db04648db1ff8238809c2b5fddc1
                                                                            • Instruction Fuzzy Hash: EA41F972C10229ABDF16EFA4DC95DEEB7B8FF04350F154166E905AB161EB34AE04CB90
                                                                            APIs
                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 003D403B
                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 003D4042
                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 003D4055
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 003D405D
                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 003D4068
                                                                            • DeleteDC.GDI32(00000000), ref: 003D4072
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 003D407C
                                                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 003D4092
                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 003D409E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                            • String ID: static
                                                                            • API String ID: 2559357485-2160076837
                                                                            • Opcode ID: 5fc6dc670ee89e6c77cc7cd8077269deed558e55aa898d1c44e85c94191dbf33
                                                                            • Instruction ID: b16790d922818c9b8b913991c0c3f828bb8f3d99d5df7d88fa782dc960c87c03
                                                                            • Opcode Fuzzy Hash: 5fc6dc670ee89e6c77cc7cd8077269deed558e55aa898d1c44e85c94191dbf33
                                                                            • Instruction Fuzzy Hash: 7F315C3252121AABDF229FA4EC09FDA7B6DFF0D320F111212FA14A61A0C775D820DB54
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 003C3C5C
                                                                            • CoInitialize.OLE32(00000000), ref: 003C3C8A
                                                                            • CoUninitialize.OLE32 ref: 003C3C94
                                                                            • _wcslen.LIBCMT ref: 003C3D2D
                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 003C3DB1
                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 003C3ED5
                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 003C3F0E
                                                                            • CoGetObject.OLE32(?,00000000,003DFB98,?), ref: 003C3F2D
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 003C3F40
                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003C3FC4
                                                                            • VariantClear.OLEAUT32(?), ref: 003C3FD8
                                                                            Similarity
                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                            • String ID:
                                                                            • API String ID: 429561992-0
                                                                            • Opcode ID: 547b775151929afabc5d2d2bea9209110085fe5c94b68aaef9cdd1a44a50063c
                                                                            • Instruction ID: d6998c7773e9c5f13c1cb597d5552e6b4dbad0c330e0a9ceeae23ca1d557a052
                                                                            • Opcode Fuzzy Hash: 547b775151929afabc5d2d2bea9209110085fe5c94b68aaef9cdd1a44a50063c
                                                                            • Instruction Fuzzy Hash: 53C1F2716082059FD702DF68C884E2AB7E9FF89744F10895DF98ADB251DB31ED05CB52
                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 003B7AF3
                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 003B7B8F
                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 003B7BA3
                                                                            • CoCreateInstance.OLE32(003DFD08,00000000,00000001,00406E6C,?), ref: 003B7BEF
                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 003B7C74
                                                                            • CoTaskMemFree.OLE32(?,?), ref: 003B7CCC
                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 003B7D57
                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 003B7D7A
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 003B7D81
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 003B7DD6
                                                                            • CoUninitialize.OLE32 ref: 003B7DDC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                            • String ID:
                                                                            • API String ID: 2762341140-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 003D5504
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003D5515
                                                                            • CharNextW.USER32(00000158), ref: 003D5544
                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 003D5585
                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 003D559B
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003D55AC
                                                                            Similarity
                                                                            • API ID: MessageSend$CharNext
                                                                            • String ID:
                                                                            • API String ID: 1350042424-0
                                                                            APIs
                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0039FAAF
                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0039FB08
                                                                            • VariantInit.OLEAUT32(?), ref: 0039FB1A
                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0039FB3A
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0039FB8D
                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0039FBA1
                                                                            • VariantClear.OLEAUT32(?), ref: 0039FBB6
                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0039FBC3
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0039FBCC
                                                                            • VariantClear.OLEAUT32(?), ref: 0039FBDE
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0039FBE9
                                                                            Similarity
                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                            • String ID:
                                                                            • API String ID: 2706829360-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 003A9CA1
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 003A9D22
                                                                            • GetKeyState.USER32(000000A0), ref: 003A9D3D
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 003A9D57
                                                                            • GetKeyState.USER32(000000A1), ref: 003A9D6C
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 003A9D84
                                                                            • GetKeyState.USER32(00000011), ref: 003A9D96
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 003A9DAE
                                                                            • GetKeyState.USER32(00000012), ref: 003A9DC0
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 003A9DD8
                                                                            • GetKeyState.USER32(0000005B), ref: 003A9DEA
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            • API String ID: 541375521-0
                                                                            APIs
                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 003C05BC
                                                                            • inet_addr.WSOCK32(?), ref: 003C061C
                                                                            • gethostbyname.WSOCK32(?), ref: 003C0628
                                                                            • IcmpCreateFile.IPHLPAPI ref: 003C0636
                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 003C06C6
                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 003C06E5
                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 003C07B9
                                                                            • WSACleanup.WSOCK32 ref: 003C07BF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                            • String ID: Ping
                                                                            • API String ID: 1028309954-2246546115
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharLower
                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                            • API String ID: 707087890-567219261
                                                                            APIs
                                                                            • CoInitialize.OLE32 ref: 003C3774
                                                                            • CoUninitialize.OLE32 ref: 003C377F
                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,003DFB78,?), ref: 003C37D9
                                                                            • IIDFromString.OLE32(?,?), ref: 003C384C
                                                                            • VariantInit.OLEAUT32(?), ref: 003C38E4
                                                                            • VariantClear.OLEAUT32(?), ref: 003C3936
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                            • API String ID: 636576611-1287834457
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 003B33CF
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 003B33F0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                            • API String ID: 4099089115-3080491070
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                            • API String ID: 1256254125-769500911
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 003B53A0
                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003B5416
                                                                            • GetLastError.KERNEL32 ref: 003B5420
                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 003B54A7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                            • API String ID: 4194297153-14809454
                                                                            • Opcode ID: 5024b3037a0cdf19938b00c02697b931188457c26b47f8972aa25078b5086290
                                                                            • Instruction ID: fd929c9dae3be1b7e44e84b19fb775dbaf4c9da0372c495824ac6f1d10f471c0
                                                                            • Opcode Fuzzy Hash: 5024b3037a0cdf19938b00c02697b931188457c26b47f8972aa25078b5086290
                                                                            • Instruction Fuzzy Hash: 7931D235A002059FD712DF69C484BEA7BF8EF45309F158066E602DF692DB71ED86CB90
                                                                            APIs
                                                                            • CreateMenu.USER32 ref: 003D3C79
                                                                            • SetMenu.USER32(?,00000000), ref: 003D3C88
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003D3D10
                                                                            • IsMenu.USER32(?), ref: 003D3D24
                                                                            • CreatePopupMenu.USER32 ref: 003D3D2E
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003D3D5B
                                                                            • DrawMenuBar.USER32 ref: 003D3D63
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                            • String ID: 0$F
                                                                            • API String ID: 161812096-3044882817
                                                                            • Opcode ID: a40d1fe6edf9e221f328d64eb94ca0db3b002545d79c55e05028dee7d058c48f
                                                                            • Instruction ID: e04a5fa0a239aa41004f6236934ce47591a4aff20539bfe0665f48b2255fb92e
                                                                            • Opcode Fuzzy Hash: a40d1fe6edf9e221f328d64eb94ca0db3b002545d79c55e05028dee7d058c48f
                                                                            • Instruction Fuzzy Hash: 91416DB5A1120AAFDB15CF64E844ADA77BAFF49350F15002AF94697360D730AE10CF55
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003A3CCA
                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 003A1F64
                                                                            • GetDlgCtrlID.USER32 ref: 003A1F6F
                                                                            • GetParent.USER32 ref: 003A1F8B
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 003A1F8E
                                                                            • GetDlgCtrlID.USER32(?), ref: 003A1F97
                                                                            • GetParent.USER32(?), ref: 003A1FAB
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 003A1FAE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 711023334-1403004172
                                                                            • Opcode ID: 142db6702a21899ac03d154f476ec17af0ab98d34e4f00994464a6242a58df8d
                                                                            • Instruction ID: b6dc1effde540a4f7a7d1354bd60ab188068f0e7ce2dfba72d6c8cefd6141276
                                                                            • Opcode Fuzzy Hash: 142db6702a21899ac03d154f476ec17af0ab98d34e4f00994464a6242a58df8d
                                                                            • Instruction Fuzzy Hash: B321B074950214BFCF06AFA0DC85AEEFBB8EF06310F141256B9616B2D1CB34A904DB60
                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003D3A9D
                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 003D3AA0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D3AC7
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003D3AEA
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 003D3B62
                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 003D3BAC
                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 003D3BC7
                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 003D3BE2
                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 003D3BF6
                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 003D3C13
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$LongWindow
                                                                            • String ID:
                                                                            • API String ID: 312131281-0
                                                                            • Opcode ID: f8d36e0cebab01fe6a5735167b3ac2f2dde81ba28bf91dad8347c2f835071580
                                                                            • Instruction ID: 911e39371470dc5c1bf84606e5e7f7f9a27a64745350b1411626d3027d986453
                                                                            • Opcode Fuzzy Hash: f8d36e0cebab01fe6a5735167b3ac2f2dde81ba28bf91dad8347c2f835071580
                                                                            • Instruction Fuzzy Hash: 62617C75900248AFDB11DFA8DC81EEE77B8EB09700F10419AFA15AB3A1D774AE45DB50
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 003AB151
                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,003AA1E1,?,00000001), ref: 003AB165
                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 003AB16C
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003AA1E1,?,00000001), ref: 003AB17B
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 003AB18D
                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,003AA1E1,?,00000001), ref: 003AB1A6
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003AA1E1,?,00000001), ref: 003AB1B8
                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,003AA1E1,?,00000001), ref: 003AB1FD
                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,003AA1E1,?,00000001), ref: 003AB212
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,003AA1E1,?,00000001), ref: 003AB21D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                            • String ID:
                                                                            • API String ID: 2156557900-0
                                                                            • Opcode ID: 306648011ed36d5eef23d8feff2f347093acb9731a6b4abbb4cd672fd5a6c6e2
                                                                            • Instruction ID: 76f4a9bb31010f806f8aa0283cb418a7c1a22d1b940da6b49544ea0efe28f3b9
                                                                            • Opcode Fuzzy Hash: 306648011ed36d5eef23d8feff2f347093acb9731a6b4abbb4cd672fd5a6c6e2
                                                                            • Instruction Fuzzy Hash: CB31CE71520204BFDB129F24EC48BADBBADFB56356F168426FA00D6191D7B4DE00CF64
                                                                            APIs
                                                                            • _free.LIBCMT ref: 00372C94
                                                                              • Part of subcall function 003729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000), ref: 003729DE
                                                                              • Part of subcall function 003729C8: GetLastError.KERNEL32(00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000,00000000), ref: 003729F0
                                                                            • _free.LIBCMT ref: 00372CA0
                                                                            • _free.LIBCMT ref: 00372CAB
                                                                            • _free.LIBCMT ref: 00372CB6
                                                                            • _free.LIBCMT ref: 00372CC1
                                                                            • _free.LIBCMT ref: 00372CCC
                                                                            • _free.LIBCMT ref: 00372CD7
                                                                            • _free.LIBCMT ref: 00372CE2
                                                                            • _free.LIBCMT ref: 00372CED
                                                                            • _free.LIBCMT ref: 00372CFB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            • Opcode ID: 74e5f4975fb695d6ef6d089fc4ccb3e3c121d4fca09e0d81fff98b407f725fdf
                                                                            • Instruction ID: 04d9c68e3bbab72f20ef5ee1c9ad4edc78b69fced551fa15b0179cf7e8ccca81
                                                                            • Opcode Fuzzy Hash: 74e5f4975fb695d6ef6d089fc4ccb3e3c121d4fca09e0d81fff98b407f725fdf
                                                                            • Instruction Fuzzy Hash: FC119676100108AFCB13EF65D842CDE7BA5FF06350F4585A5FA4C5F222D735EAA09B90
                                                                            APIs
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003B7FAD
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B7FC1
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 003B7FEB
                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 003B8005
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B8017
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 003B8060
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003B80B0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                            • String ID: *.*
                                                                            • API String ID: 769691225-438819550
                                                                            • Opcode ID: b854f1e4abd5fb70987b8ce07f4b70b23fcd3fe39c52f4b1ad39f6bff479cb18
                                                                            • Instruction ID: 754d42074f1a9f71d16e228a2a14f793b8d1c5d3967d40f21eba1be1a9939570
                                                                            • Opcode Fuzzy Hash: b854f1e4abd5fb70987b8ce07f4b70b23fcd3fe39c52f4b1ad39f6bff479cb18
                                                                            • Instruction Fuzzy Hash: BD81BF715182059BCB22EF14C440AEAB3E8FFC8358F154C5AFA85CBA50EB34ED49CB52
                                                                            APIs
                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00345C7A
                                                                              • Part of subcall function 00345D0A: GetClientRect.USER32(?,?), ref: 00345D30
                                                                              • Part of subcall function 00345D0A: GetWindowRect.USER32(?,?), ref: 00345D71
                                                                              • Part of subcall function 00345D0A: ScreenToClient.USER32(?,?), ref: 00345D99
                                                                            • GetDC.USER32 ref: 003846F5
                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00384708
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00384716
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0038472B
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00384733
                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 003847C4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                            • String ID: U
                                                                            • API String ID: 4009187628-3372436214
                                                                            • Opcode ID: cf3332dfa01989dc6a540fb25ba05e0b7bd4f4dbc1bb3414d8be9fd2aa57cbb8
                                                                            • Instruction ID: 32d69d7e6dfd0cd1b6f4ab3567b15efab51daa8db96172565a19b80b6a4f1796
                                                                            • Opcode Fuzzy Hash: cf3332dfa01989dc6a540fb25ba05e0b7bd4f4dbc1bb3414d8be9fd2aa57cbb8
                                                                            • Instruction Fuzzy Hash: 7E71D031800306DFCF23AF64C984ABA7BB5FF4A310F1942AAF9655A666D3319C41DF50
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003B35E4
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • LoadStringW.USER32(00412390,?,00000FFF,?), ref: 003B360A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                            • API String ID: 4099089115-2391861430
                                                                            • Opcode ID: 51b11649b4abae28f7131294f007f67e2a14133cb4943b76232fde781ca54a94
                                                                            • Instruction ID: 2127967a987b2a837d856e2f9f0fdf14b77c00963444aa996632ab5e1576e20a
                                                                            • Opcode Fuzzy Hash: 51b11649b4abae28f7131294f007f67e2a14133cb4943b76232fde781ca54a94
                                                                            • Instruction Fuzzy Hash: D051A372940219BADF16EFA0DC42EEEBB78EF04300F144166F6057A0A1DB302B99DF65
                                                                            APIs
                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003BC272
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003BC29A
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003BC2CA
                                                                            • GetLastError.KERNEL32 ref: 003BC322
                                                                            • SetEvent.KERNEL32(?), ref: 003BC336
                                                                            • InternetCloseHandle.WININET(00000000), ref: 003BC341
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                            • String ID:
                                                                            • API String ID: 3113390036-3916222277
                                                                            • Opcode ID: 3e83c00b709b743cac81ccda02dcdc70e15dfe71409dccbc365032e1d196825f
                                                                            • Instruction ID: 4b466f2a5275eb17c46f4b9797ef9d42ac64f842bdc80f85c2bbb6dc9c01e818
                                                                            • Opcode Fuzzy Hash: 3e83c00b709b743cac81ccda02dcdc70e15dfe71409dccbc365032e1d196825f
                                                                            • Instruction Fuzzy Hash: 85318FB5620204AFDB339F649884AEB7BFCEB49748F54951EF58AD6A00DB34DD04CB60
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00383AAF,?,?,Bad directive syntax error,003DCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 003A98BC
                                                                            • LoadStringW.USER32(00000000,?,00383AAF,?), ref: 003A98C3
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 003A9987
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                            • API String ID: 858772685-4153970271
                                                                            • Opcode ID: 8293758a0f9c033e2055ba0613c8b1c795c0bca3dab009b6158ecccb1f6ebef7
                                                                            • Instruction ID: 72cc6104095a17cfed588a8bb2334bc22df5a6dfc095482c511996ab894348fc
                                                                            • Opcode Fuzzy Hash: 8293758a0f9c033e2055ba0613c8b1c795c0bca3dab009b6158ecccb1f6ebef7
                                                                            • Instruction Fuzzy Hash: FD216F3295021AABDF16AF90CC0AFEE7779FF18300F04446AF5157A0A2DB35A628DB50
                                                                            APIs
                                                                            • GetParent.USER32 ref: 003A20AB
                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 003A20C0
                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 003A214D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassMessageNameParentSend
                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                            • API String ID: 1290815626-3381328864
                                                                            • Opcode ID: f008d75805d910b158eea22f22280a0fec0567a646e41dc1d553e0b0e46753df
                                                                            • Instruction ID: 0cbfd4fc0c91786c7bae8d59626ccd0e6a7ca8be01ae629fecd14c6a8c7f6e76
                                                                            • Opcode Fuzzy Hash: f008d75805d910b158eea22f22280a0fec0567a646e41dc1d553e0b0e46753df
                                                                            • Instruction Fuzzy Hash: 54113A76684307B9FA032224EC06DA7379CDF16324F204027F704B80D1EE75B8115A18
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                            • String ID:
                                                                            • API String ID: 1282221369-0
                                                                            • Opcode ID: a8034ae80a87ea24a501b3277a5775601edb9d657c43ed9bbfcc2869a102a3ee
                                                                            • Instruction ID: f5d85f9d3b37c4a003bfa3f07d57af56057683fbf33724d0ba7e4ee2aa50eac6
                                                                            • Opcode Fuzzy Hash: a8034ae80a87ea24a501b3277a5775601edb9d657c43ed9bbfcc2869a102a3ee
                                                                            • Instruction Fuzzy Hash: C2610671914301AFDB33AFB4A891AAE7BE5AF06320F05C16EF94CAB281D7399D41C750
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 003D5186
                                                                            • ShowWindow.USER32(?,00000000), ref: 003D51C7
                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 003D51CD
                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 003D51D1
                                                                              • Part of subcall function 003D6FBA: DeleteObject.GDI32(00000000), ref: 003D6FE6
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D520D
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003D521A
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 003D524D
                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 003D5287
                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 003D5296
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                            • String ID:
                                                                            • API String ID: 3210457359-0
                                                                            • Opcode ID: 5f991fc5aea1c1335a6e564976de5cb02aa014c6ef4f2b47a4702879e6d7312e
                                                                            • Instruction ID: 0b94da15a7dd1f8b97dca855d9f8f9c04fc3b1a29ee787b358aef8f0917d0419
                                                                            • Opcode Fuzzy Hash: 5f991fc5aea1c1335a6e564976de5cb02aa014c6ef4f2b47a4702879e6d7312e
                                                                            • Instruction Fuzzy Hash: C751D332A51A09FEEF229F24EC46BD83B75FB05361F144413FA259A3E0C375A988DB40
                                                                            APIs
                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00396890
                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 003968A9
                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 003968B9
                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 003968D1
                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 003968F2
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00358874,00000000,00000000,00000000,000000FF,00000000), ref: 00396901
                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0039691E
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00358874,00000000,00000000,00000000,000000FF,00000000), ref: 0039692D
                                                                            Similarity
                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                            • String ID:
                                                                            • API String ID: 1268354404-0
                                                                            • Opcode ID: de9796ab8ae4d477df3fb1b23ed0d7265e243506e60a3b3c0f22e9ee56661262
                                                                            • Instruction ID: b98f946a0d326b092a1f202634666880337e053b6df141f33cf830d6c9f51610
                                                                            • Opcode Fuzzy Hash: de9796ab8ae4d477df3fb1b23ed0d7265e243506e60a3b3c0f22e9ee56661262
                                                                            • Instruction Fuzzy Hash: 40519CB0610205EFDF22CF25DC52FAA7BB9FB48361F104519F952A72A0DB70E950DB40
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003BC182
                                                                            • GetLastError.KERNEL32 ref: 003BC195
                                                                            • SetEvent.KERNEL32(?), ref: 003BC1A9
                                                                              • Part of subcall function 003BC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003BC272
                                                                              • Part of subcall function 003BC253: GetLastError.KERNEL32 ref: 003BC322
                                                                              • Part of subcall function 003BC253: SetEvent.KERNEL32(?), ref: 003BC336
                                                                              • Part of subcall function 003BC253: InternetCloseHandle.WININET(00000000), ref: 003BC341
                                                                            Similarity
                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 337547030-0
                                                                            • Opcode ID: 24c4641d19329ea7ed9140e5ebccb6c038affc53678e88c1f4f59abfeac94ec5
                                                                            • Instruction ID: 40e9a5ab0bacaa2966cfe55da5195c0734e2b6fda519b196f45989c1bb840022
                                                                            • Opcode Fuzzy Hash: 24c4641d19329ea7ed9140e5ebccb6c038affc53678e88c1f4f59abfeac94ec5
                                                                            • Instruction Fuzzy Hash: 8B31A271621605AFDB329FA5DC04AA6BBFDFF54304B04681EFA56CAA10C730E910DBA0
                                                                            APIs
                                                                              • Part of subcall function 003A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003A3A57
                                                                              • Part of subcall function 003A3A3D: GetCurrentThreadId.KERNEL32 ref: 003A3A5E
                                                                              • Part of subcall function 003A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003A25B3), ref: 003A3A65
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 003A25BD
                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 003A25DB
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 003A25DF
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 003A25E9
                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 003A2601
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 003A2605
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 003A260F
                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 003A2623
                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 003A2627
                                                                            Similarity
                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                            • String ID:
                                                                            • API String ID: 2014098862-0
                                                                            • Opcode ID: ca4de7d6f49de8611c7eb9f997028549f6d7e621ff19612f7f8c1f2091d42bd3
                                                                            • Instruction ID: 9be8bea3e380ab3a6b46b34aa94a15a01a96ec766be0a6240a238cd9df82071e
                                                                            • Opcode Fuzzy Hash: ca4de7d6f49de8611c7eb9f997028549f6d7e621ff19612f7f8c1f2091d42bd3
                                                                            • Instruction Fuzzy Hash: 2001D8307A0320BBFB1167689C8AF597F5DDB4EB11F101002F354AF0D1C9E15444CA6A
                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,003A1449,?,?,00000000), ref: 003A180C
                                                                            • HeapAlloc.KERNEL32(00000000,?,003A1449,?,?,00000000), ref: 003A1813
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003A1449,?,?,00000000), ref: 003A1828
                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,003A1449,?,?,00000000), ref: 003A1830
                                                                            • DuplicateHandle.KERNEL32(00000000,?,003A1449,?,?,00000000), ref: 003A1833
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003A1449,?,?,00000000), ref: 003A1843
                                                                            • GetCurrentProcess.KERNEL32(003A1449,00000000,?,003A1449,?,?,00000000), ref: 003A184B
                                                                            • DuplicateHandle.KERNEL32(00000000,?,003A1449,?,?,00000000), ref: 003A184E
                                                                            • CreateThread.KERNEL32(00000000,00000000,003A1874,00000000,00000000,00000000), ref: 003A1868
                                                                            Similarity
                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                            • String ID:
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __alldvrm$_strrchr
                                                                            • String ID: }}6$}}6$}}6
                                                                            APIs
                                                                              • Part of subcall function 003AD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 003AD501
                                                                              • Part of subcall function 003AD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 003AD50F
                                                                              • Part of subcall function 003AD4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 003AD5DC
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003CA16D
                                                                            • GetLastError.KERNEL32 ref: 003CA180
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003CA1B3
                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 003CA268
                                                                            • GetLastError.KERNEL32(00000000), ref: 003CA273
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003CA2C4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                            • String ID: SeDebugPrivilege
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 003D3925
                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 003D393A
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 003D3954
                                                                            • _wcslen.LIBCMT ref: 003D3999
                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 003D39C6
                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 003D39F4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window_wcslen
                                                                            • String ID: SysListView32
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003ABCFD
                                                                            • IsMenu.USER32(00000000), ref: 003ABD1D
                                                                            • CreatePopupMenu.USER32 ref: 003ABD53
                                                                            • GetMenuItemCount.USER32(014E4860), ref: 003ABDA4
                                                                            • InsertMenuItemW.USER32(014E4860,?,00000001,00000030), ref: 003ABDCC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                            • String ID: 0$2
                                                                            APIs
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00362D4B
                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00362D53
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00362DE1
                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00362E0C
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00362E61
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                            • String ID: &H6$csm
                                                                            APIs
                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 003AC913
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: IconLoad
                                                                            • String ID: blank$info$question$stop$warning
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                            • String ID: 0.0.0.0
                                                                            APIs
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 003D9FC7
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 003D9FE7
                                                                            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 003DA224
                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 003DA242
                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 003DA263
                                                                            • ShowWindow.USER32(00000003,00000000), ref: 003DA282
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 003DA2A7
                                                                            • DefDlgProcW.USER32(?,00000005,?,?), ref: 003DA2CA
                                                                            Similarity
                                                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                            • String ID:
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _wcslen$LocalTime
                                                                            • String ID:
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0039682C,00000004,00000000,00000000), ref: 0035F953
                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0039682C,00000004,00000000,00000000), ref: 0039F3D1
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0039682C,00000004,00000000,00000000), ref: 0039F454
                                                                            Similarity
                                                                            • API ID: ShowWindow
                                                                            • String ID:
                                                                            • API String ID: 1268545403-0
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 003D2D1B
                                                                            • GetDC.USER32(00000000), ref: 003D2D23
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003D2D2E
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 003D2D3A
                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 003D2D76
                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 003D2D87
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,003D5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 003D2DC2
                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 003D2DE1
                                                                            Similarity
                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 3864802216-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                            • API String ID: 0-572801152
                                                                            APIs
                                                                            • GetCPInfo.KERNEL32(?,?), ref: 003815CE
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00381651
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003816E4
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003816FB
                                                                              • Part of subcall function 00373820: RtlAllocateHeap.NTDLL(00000000,?,00411444,?,0035FDF5,?,?,0034A976,00000010,00411440,003413FC,?,003413C6,?,00341129), ref: 00373852
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00381777
                                                                            • __freea.LIBCMT ref: 003817A2
                                                                            • __freea.LIBCMT ref: 003817AE
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                            • String ID:
                                                                            • API String ID: 2829977744-0
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit
                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                            • API String ID: 2610073882-625585964
                                                                            APIs
                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 003B125C
                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 003B1284
                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 003B12A8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003B12D8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003B135F
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003B13C4
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003B1430
                                                                            Similarity
                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                            • String ID:
                                                                            • API String ID: 2550207440-0
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 003C396B
                                                                            • CharUpperBuffW.USER32(?,?), ref: 003C3A7A
                                                                            • _wcslen.LIBCMT ref: 003C3A8A
                                                                            • VariantClear.OLEAUT32(?), ref: 003C3C1F
                                                                              • Part of subcall function 003B0CDF: VariantInit.OLEAUT32(00000000), ref: 003B0D1F
                                                                              • Part of subcall function 003B0CDF: VariantCopy.OLEAUT32(?,?), ref: 003B0D28
                                                                              • Part of subcall function 003B0CDF: VariantClear.OLEAUT32(?), ref: 003B0D34
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                            • API String ID: 4137639002-1221869570
                                                                            APIs
                                                                              • Part of subcall function 003A000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?,?,?,003A035E), ref: 003A002B
                                                                              • Part of subcall function 003A000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?,?), ref: 003A0046
                                                                              • Part of subcall function 003A000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?,?), ref: 003A0054
                                                                              • Part of subcall function 003A000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?), ref: 003A0064
                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 003C4C51
                                                                            • _wcslen.LIBCMT ref: 003C4D59
                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 003C4DCF
                                                                            • CoTaskMemFree.OLE32(?), ref: 003C4DDA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                            • String ID: NULL Pointer assignment
                                                                            • API String ID: 614568839-2785691316
                                                                            APIs
                                                                            • GetMenu.USER32(?), ref: 003D2183
                                                                            • GetMenuItemCount.USER32(00000000), ref: 003D21B5
                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 003D21DD
                                                                            • _wcslen.LIBCMT ref: 003D2213
                                                                            • GetMenuItemID.USER32(?,?), ref: 003D224D
                                                                            • GetSubMenu.USER32(?,?), ref: 003D225B
                                                                              • Part of subcall function 003A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003A3A57
                                                                              • Part of subcall function 003A3A3D: GetCurrentThreadId.KERNEL32 ref: 003A3A5E
                                                                              • Part of subcall function 003A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003A25B3), ref: 003A3A65
                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 003D22E3
                                                                              • Part of subcall function 003AE97B: Sleep.KERNEL32 ref: 003AE9F3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                            • String ID:
                                                                            • API String ID: 4196846111-0
                                                                            • Opcode ID: f1bccfad3020ab2da9424e14d6c595e233c10d79365e436e304ab2f9c5350ba0
                                                                            • Instruction ID: 5834ba3fcb873590f6249021a71206967fc382bd304cab012fcd558a919ae88c
                                                                            • Opcode Fuzzy Hash: f1bccfad3020ab2da9424e14d6c595e233c10d79365e436e304ab2f9c5350ba0
                                                                            • Instruction Fuzzy Hash: 7D71AD76E00205AFCB02DF64D841AAEB7F5EF58310F15885AF816EB351DB35EE418B90
                                                                            APIs
                                                                            • IsWindow.USER32(014E4630), ref: 003D7F37
                                                                            • IsWindowEnabled.USER32(014E4630), ref: 003D7F43
                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 003D801E
                                                                            • SendMessageW.USER32(014E4630,000000B0,?,?), ref: 003D8051
                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 003D8089
                                                                            • GetWindowLongW.USER32(014E4630,000000EC), ref: 003D80AB
                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 003D80C3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                            • String ID:
                                                                            • API String ID: 4072528602-0
                                                                            • Opcode ID: 23baf10f6e91ed824d23dc75ffae3d9a8c7c7915eaa011f3b6f9c82e86904979
                                                                            • Instruction ID: 94485a8128d19f3a5d1137d0b0e1a016a7460a605dbab9e29916a8bea95d2de9
                                                                            • Opcode Fuzzy Hash: 23baf10f6e91ed824d23dc75ffae3d9a8c7c7915eaa011f3b6f9c82e86904979
                                                                            • Instruction Fuzzy Hash: 9771A076608204AFEB339F54E884FEABBBDEF09300F15405BE955973A1DB31A945CB10
                                                                            APIs
                                                                            • GetParent.USER32(?), ref: 003AAEF9
                                                                            • GetKeyboardState.USER32(?), ref: 003AAF0E
                                                                            • SetKeyboardState.USER32(?), ref: 003AAF6F
                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 003AAF9D
                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 003AAFBC
                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 003AAFFD
                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 003AB020
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: 1bfb8280f39c989943767dca72e73e37acfd8897d0624903207516af1b7ea24b
                                                                            • Instruction ID: 4b438c5ad840164e945430688b4b0087d4d220e49dc3e0930a913a303b42c135
                                                                            • Opcode Fuzzy Hash: 1bfb8280f39c989943767dca72e73e37acfd8897d0624903207516af1b7ea24b
                                                                            • Instruction Fuzzy Hash: BD51B1A1614BD53DFB3B82348C45BBABEA99B07304F09858AE1D9598C3C398A8C8D751
                                                                            APIs
                                                                            • GetParent.USER32(00000000), ref: 003AAD19
                                                                            • GetKeyboardState.USER32(?), ref: 003AAD2E
                                                                            • SetKeyboardState.USER32(?), ref: 003AAD8F
                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 003AADBB
                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 003AADD8
                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 003AAE17
                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 003AAE38
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: ba84b72c49b2c54a44e962533f441489802fba9eace6e226125cf9ac09ff2044
                                                                            • Instruction ID: c911c6ccbb5f66de5d72b2b4364086130ebe50e6366dc8e9a1a73485987dc865
                                                                            • Opcode Fuzzy Hash: ba84b72c49b2c54a44e962533f441489802fba9eace6e226125cf9ac09ff2044
                                                                            • Instruction Fuzzy Hash: 7A51E3A2514BD53DFB3783348C55B7ABEA8EB47300F088489E1D54A8C3D394EC88E762
                                                                            APIs
                                                                            • GetConsoleCP.KERNEL32(00383CD6,?,?,?,?,?,?,?,?,00375BA3,?,?,00383CD6,?,?), ref: 00375470
                                                                            • __fassign.LIBCMT ref: 003754EB
                                                                            • __fassign.LIBCMT ref: 00375506
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00383CD6,00000005,00000000,00000000), ref: 0037552C
                                                                            • WriteFile.KERNEL32(?,00383CD6,00000000,00375BA3,00000000,?,?,?,?,?,?,?,?,?,00375BA3,?), ref: 0037554B
                                                                            • WriteFile.KERNEL32(?,?,00000001,00375BA3,00000000,?,?,?,?,?,?,?,?,?,00375BA3,?), ref: 00375584
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                            • String ID:
                                                                            • API String ID: 1324828854-0
                                                                            • Opcode ID: 2310e985948671fb10a51a4a5b54c278565070d982d92265baf5ac7bfbe27e5d
                                                                            • Instruction ID: fd83b5da430f6c74ae469eee20019c08b15fbe95f4fa8b44c483c12ff6f16549
                                                                            • Opcode Fuzzy Hash: 2310e985948671fb10a51a4a5b54c278565070d982d92265baf5ac7bfbe27e5d
                                                                            • Instruction Fuzzy Hash: A951F970A006499FDB26CFA8D841AEEBBF9EF09310F14811EF55AE7291D774DA41CB60
                                                                            APIs
                                                                              • Part of subcall function 003C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003C307A
                                                                              • Part of subcall function 003C304E: _wcslen.LIBCMT ref: 003C309B
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 003C1112
                                                                            • WSAGetLastError.WSOCK32 ref: 003C1121
                                                                            • WSAGetLastError.WSOCK32 ref: 003C11C9
                                                                            • closesocket.WSOCK32(00000000), ref: 003C11F9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 2675159561-0
                                                                            • Opcode ID: bb08c61c9ea4e64351fe7da1fac6e491db5f03b919244912a0b942693654023f
                                                                            • Instruction ID: 20a424ca23f7038fec94d79bd6234cee39e6fe8e02cad223318491e16a11c8dd
                                                                            • Opcode Fuzzy Hash: bb08c61c9ea4e64351fe7da1fac6e491db5f03b919244912a0b942693654023f
                                                                            • Instruction Fuzzy Hash: 21411431610205AFDB129F14D885FAAB7E9EF46324F188059FD16DF292C778EE41CBA0
                                                                            APIs
                                                                              • Part of subcall function 003ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003ACF22,?), ref: 003ADDFD
                                                                              • Part of subcall function 003ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003ACF22,?), ref: 003ADE16
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 003ACF45
                                                                            • MoveFileW.KERNEL32(?,?), ref: 003ACF7F
                                                                            • _wcslen.LIBCMT ref: 003AD005
                                                                            • _wcslen.LIBCMT ref: 003AD01B
                                                                            • SHFileOperationW.SHELL32(?), ref: 003AD061
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                            • String ID: \*.*
                                                                            • API String ID: 3164238972-1173974218
                                                                            • Opcode ID: c28a9eacc191a97539df82b837e4dededaad825df017723f635bf9c672904e29
                                                                            • Instruction ID: 9142b6f4ff7e5964d1162aca6718c42b395cf1aaf1b81577ebbd5cefb1b606da
                                                                            • Opcode Fuzzy Hash: c28a9eacc191a97539df82b837e4dededaad825df017723f635bf9c672904e29
                                                                            • Instruction Fuzzy Hash: 994151719452199FDF13EBA4D981ADEB7BCEF09780F1000E6E505EB142EB34AB88CB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 003D2E1C
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D2E4F
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D2E84
                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 003D2EB6
                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 003D2EE0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D2EF1
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003D2F0B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LongWindow$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 2178440468-0
                                                                            • Opcode ID: 2ed3bee5f2177a9f8116018ac6fcc812a45a265a0392db38d7cc7715b378cabe
                                                                            • Instruction ID: 78df12705a835ef0f1a393ea3f3c81ecb393331479f7bc51adf35cfdbbf28a11
                                                                            • Opcode Fuzzy Hash: 2ed3bee5f2177a9f8116018ac6fcc812a45a265a0392db38d7cc7715b378cabe
                                                                            • Instruction Fuzzy Hash: 973115326551419FDB22CF19EC84FA637E5FBAA710F1A51A6FA108F2B1CB71E840DB00
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003A7769
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003A778F
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 003A7792
                                                                            • SysAllocString.OLEAUT32(?), ref: 003A77B0
                                                                            • SysFreeString.OLEAUT32(?), ref: 003A77B9
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 003A77DE
                                                                            • SysAllocString.OLEAUT32(?), ref: 003A77EC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 98750579c4fc3167a1ecaf6ef9b010f5d77a5759cc9685e80a06a9838bc4e087
                                                                            • Instruction ID: c90a8b2171ddc100678d6786b7447156da6c8e3ce1980d459566e81a74b4e911
                                                                            • Opcode Fuzzy Hash: 98750579c4fc3167a1ecaf6ef9b010f5d77a5759cc9685e80a06a9838bc4e087
                                                                            • Instruction Fuzzy Hash: EB21C476615219AFDF12DFA8DC88CFB73ACEB0A364B008126F914DB160D670DC41C760
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003A7842
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003A7868
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 003A786B
                                                                            • SysAllocString.OLEAUT32 ref: 003A788C
                                                                            • SysFreeString.OLEAUT32 ref: 003A7895
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 003A78AF
                                                                            • SysAllocString.OLEAUT32(?), ref: 003A78BD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 5499010d7e803880bdea19fec6b28e699b4efdd476016f40f497d334dc07d3d8
                                                                            • Instruction ID: dfff66fe54ab91475e216b71c25dbb9b01914e442130f89c8fb7600d12fcdf15
                                                                            • Opcode Fuzzy Hash: 5499010d7e803880bdea19fec6b28e699b4efdd476016f40f497d334dc07d3d8
                                                                            • Instruction Fuzzy Hash: 1821C131618205AFDB12AFB8DCCDDAA77ECEF0A360B108125F914CB2A4D678DC41CB64
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 003B04F2
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003B052E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            • Opcode ID: a8cb1505afb66f3459e3b53a31169df96630cb746d4f220899ebeb8887aa996a
                                                                            • Instruction ID: 10b85625f86f8093413fd94a651ce83fdc0cdd945aec232a4422e16e73b9dd13
                                                                            • Opcode Fuzzy Hash: a8cb1505afb66f3459e3b53a31169df96630cb746d4f220899ebeb8887aa996a
                                                                            • Instruction Fuzzy Hash: C12182755043059FDF359F69DC04ADB77E8AF46728F204A1AFAA1D69E0D7709940CF20
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 003B05C6
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003B0601
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            • Opcode ID: 3391fbb6624849df9755bb5e1146b17b8739173672523da165c4cc4227184952
                                                                            • Instruction ID: f9139d0d7b550ce5ab4ac1c1abae55e8223e88684bfb1954419cfe71fc3f63a8
                                                                            • Opcode Fuzzy Hash: 3391fbb6624849df9755bb5e1146b17b8739173672523da165c4cc4227184952
                                                                            • Instruction Fuzzy Hash: 312171755003059BDB269F69DC04BDB77E8FF95728F200B1AEAA1E76E0D7709860CB10
                                                                            APIs
                                                                              • Part of subcall function 0034600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0034604C
                                                                              • Part of subcall function 0034600E: GetStockObject.GDI32(00000011), ref: 00346060
                                                                              • Part of subcall function 0034600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0034606A
                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 003D4112
                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 003D411F
                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 003D412A
                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 003D4139
                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 003D4145
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                            • String ID: Msctls_Progress32
                                                                            • API String ID: 1025951953-3636473452
                                                                            • Opcode ID: f776c028c16318129e44126109be1c8e82e238ae7867d10ee8b077f080a2943f
                                                                            • Instruction ID: 0420a046dd932928cd7a41d0c76fc612d69b4b1a01aef5f1926f0165f5e3ea0d
                                                                            • Opcode Fuzzy Hash: f776c028c16318129e44126109be1c8e82e238ae7867d10ee8b077f080a2943f
                                                                            • Instruction Fuzzy Hash: D41193B2150219BFEF119F64DC86EE77F6DEF08798F014111B718A6190C6769C21DBA4
                                                                            APIs
                                                                              • Part of subcall function 0037D7A3: _free.LIBCMT ref: 0037D7CC
                                                                            • _free.LIBCMT ref: 0037D82D
                                                                              • Part of subcall function 003729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000), ref: 003729DE
                                                                              • Part of subcall function 003729C8: GetLastError.KERNEL32(00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000,00000000), ref: 003729F0
                                                                            • _free.LIBCMT ref: 0037D838
                                                                            • _free.LIBCMT ref: 0037D843
                                                                            • _free.LIBCMT ref: 0037D897
                                                                            • _free.LIBCMT ref: 0037D8A2
                                                                            • _free.LIBCMT ref: 0037D8AD
                                                                            • _free.LIBCMT ref: 0037D8B8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                            • Instruction ID: b41c83cf2b6ba47429a9b127b81e53f1e1f9620842be642776a701f50eadfbca
                                                                            • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                            • Instruction Fuzzy Hash: 4D114F71540B44AAD533BFB4CC87FCBBBEC6F42700F448825B29DAE092DB6AB5554650
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 003ADA74
                                                                            • LoadStringW.USER32(00000000), ref: 003ADA7B
                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 003ADA91
                                                                            • LoadStringW.USER32(00000000), ref: 003ADA98
                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003ADADC
                                                                            Strings
                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 003ADAB9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message
                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                            • API String ID: 4072794657-3128320259
                                                                            • Opcode ID: 1e62b4e6748a42a094396466925bc91774cdad267da7f123731ebad38d95ef92
                                                                            • Instruction ID: a7d8ed84bbc967b904ff0dc387030d503feb8ccc0ae34fe1214f6a340e4e6a8a
                                                                            • Opcode Fuzzy Hash: 1e62b4e6748a42a094396466925bc91774cdad267da7f123731ebad38d95ef92
                                                                            • Instruction Fuzzy Hash: CB0186F69202197FE7129BA4ED89EEB336CE709301F401593B746E2041EA749E848F74
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(014DD5D8,014DD5D8), ref: 003B097B
                                                                            • EnterCriticalSection.KERNEL32(014DD5B8,00000000), ref: 003B098D
                                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 003B099B
                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 003B09A9
                                                                            • CloseHandle.KERNEL32(?), ref: 003B09B8
                                                                            • InterlockedExchange.KERNEL32(014DD5D8,000001F6), ref: 003B09C8
                                                                            • LeaveCriticalSection.KERNEL32(014DD5B8), ref: 003B09CF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                            • String ID:
                                                                            • API String ID: 3495660284-0
                                                                            • Opcode ID: 83e13c41e838a67109e423156d8146e93c8d583f8f82a8c2ebe8c5abac7fc921
                                                                            • Instruction ID: 8ea2016c27f67fe092f9cdb14b641e1ee9c6108911fc97eca91db530fc37b894
                                                                            • Opcode Fuzzy Hash: 83e13c41e838a67109e423156d8146e93c8d583f8f82a8c2ebe8c5abac7fc921
                                                                            • Instruction Fuzzy Hash: 34F019324A3A13ABDB565BA4EE88BD6BB39BF01702F402526F202908A0C7749465CF90
                                                                            APIs
                                                                            • GetClientRect.USER32(?,?), ref: 00345D30
                                                                            • GetWindowRect.USER32(?,?), ref: 00345D71
                                                                            • ScreenToClient.USER32(?,?), ref: 00345D99
                                                                            • GetClientRect.USER32(?,?), ref: 00345ED7
                                                                            • GetWindowRect.USER32(?,?), ref: 00345EF8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Rect$Client$Window$Screen
                                                                            • String ID:
                                                                            • API String ID: 1296646539-0
                                                                            • Opcode ID: 9fc380b76b0cf1318a14c038b99e3e0a528b56693acaf20dbd8f7e07dc445264
                                                                            • Instruction ID: 6dd916f61d753c9053202efae1b541617f47121210f727ef008dde100a81905b
                                                                            • Opcode Fuzzy Hash: 9fc380b76b0cf1318a14c038b99e3e0a528b56693acaf20dbd8f7e07dc445264
                                                                            • Instruction Fuzzy Hash: 57B18834A10B4ADBDB11DFA9C4807EEB7F5FF48310F14941AE8A9DB650DB34AA81CB50
                                                                            APIs
                                                                            • __allrem.LIBCMT ref: 003700BA
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003700D6
                                                                            • __allrem.LIBCMT ref: 003700ED
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0037010B
                                                                            • __allrem.LIBCMT ref: 00370122
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00370140
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                            • String ID:
                                                                            • API String ID: 1992179935-0
                                                                            • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                            • Instruction ID: 66b5ad4d9aff639cc0a99b3314eb6e5fb518c6a056a4227cb41a5a4f52a170ba
                                                                            • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                            • Instruction Fuzzy Hash: D4811575A00706DFE736AE28DC41B6BB3A8AF41724F25C23AF514DA681E7B8D9008B50
                                                                            APIs
                                                                              • Part of subcall function 003C3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,003C101C,00000000,?,?,00000000), ref: 003C3195
                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 003C1DC0
                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 003C1DE1
                                                                            • WSAGetLastError.WSOCK32 ref: 003C1DF2
                                                                            • inet_ntoa.WSOCK32(?), ref: 003C1E8C
                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 003C1EDB
                                                                            • _strlen.LIBCMT ref: 003C1F35
                                                                              • Part of subcall function 003A39E8: _strlen.LIBCMT ref: 003A39F2
                                                                              • Part of subcall function 00346D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0035CF58,?,?,?), ref: 00346DBA
                                                                              • Part of subcall function 00346D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0035CF58,?,?,?), ref: 00346DED
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                            • String ID:
                                                                            • API String ID: 1923757996-0
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003682D9,003682D9,?,?,?,0037644F,00000001,00000001,8BE85006), ref: 00376258
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0037644F,00000001,00000001,8BE85006,?,?,?), ref: 003762DE
                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 003763D8
                                                                            • __freea.LIBCMT ref: 003763E5
                                                                              • Part of subcall function 00373820: RtlAllocateHeap.NTDLL(00000000,?,00411444,?,0035FDF5,?,?,0034A976,00000010,00411440,003413FC,?,003413C6,?,00341129), ref: 00373852
                                                                            • __freea.LIBCMT ref: 003763EE
                                                                            • __freea.LIBCMT ref: 00376413
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1414292761-0
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003CB6AE,?,?), ref: 003CC9B5
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CC9F1
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA68
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003CBCCA
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003CBD25
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 003CBD6A
                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 003CBD99
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003CBDF3
                                                                            • RegCloseKey.ADVAPI32(?), ref: 003CBDFF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                            • String ID:
                                                                            • API String ID: 1120388591-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000035), ref: 0039F7B9
                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0039F860
                                                                            • VariantCopy.OLEAUT32(0039FA64,00000000), ref: 0039F889
                                                                            • VariantClear.OLEAUT32(0039FA64), ref: 0039F8AD
                                                                            • VariantCopy.OLEAUT32(0039FA64,00000000), ref: 0039F8B1
                                                                            • VariantClear.OLEAUT32(?), ref: 0039F8BB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                            • String ID:
                                                                            • API String ID: 3859894641-0
                                                                            APIs
                                                                              • Part of subcall function 00347620: _wcslen.LIBCMT ref: 00347625
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 003B94E5
                                                                            • _wcslen.LIBCMT ref: 003B9506
                                                                            • _wcslen.LIBCMT ref: 003B952D
                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 003B9585
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                            • String ID: X
                                                                            • API String ID: 83654149-3081909835
                                                                            APIs
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            • BeginPaint.USER32(?,?,?), ref: 00359241
                                                                            • GetWindowRect.USER32(?,?), ref: 003592A5
                                                                            • ScreenToClient.USER32(?,?), ref: 003592C2
                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 003592D3
                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00359321
                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 003971EA
                                                                              • Part of subcall function 00359339: BeginPath.GDI32(00000000), ref: 00359357
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                            • String ID:
                                                                            • API String ID: 3050599898-0
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 003B080C
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 003B0847
                                                                            • EnterCriticalSection.KERNEL32(?), ref: 003B0863
                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 003B08DC
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 003B08F3
                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 003B0921
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3368777196-0
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0039F3AB,00000000,?,?,00000000,?,0039682C,00000004,00000000,00000000), ref: 003D824C
                                                                            • EnableWindow.USER32(?,00000000), ref: 003D8272
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 003D82D1
                                                                            • ShowWindow.USER32(?,00000004), ref: 003D82E5
                                                                            • EnableWindow.USER32(?,00000001), ref: 003D830B
                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 003D832F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 642888154-0
                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 003A4C95
                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003A4CB2
                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003A4CEA
                                                                            • _wcslen.LIBCMT ref: 003A4D08
                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 003A4D10
                                                                            • _wcsstr.LIBVCRUNTIME ref: 003A4D1A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                            • String ID:
                                                                            • API String ID: 72514467-0
                                                                            APIs
                                                                              • Part of subcall function 00343AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00343A97,?,?,00342E7F,?,?,?,00000000), ref: 00343AC2
                                                                            • _wcslen.LIBCMT ref: 003B587B
                                                                            • CoInitialize.OLE32(00000000), ref: 003B5995
                                                                            • CoCreateInstance.OLE32(003DFCF8,00000000,00000001,003DFB68,?), ref: 003B59AE
                                                                            • CoUninitialize.OLE32 ref: 003B59CC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 3172280962-24824748
                                                                            • Opcode ID: 20adf1783c094766da9dd1c471228a622518942bd0da01aa2c1bf0ebf15f2614
                                                                            • Instruction ID: 5dea710432acad5bb00ff658d4f75fa68fe8c16355a0bcf1df768481ac0772bd
                                                                            • Opcode Fuzzy Hash: 20adf1783c094766da9dd1c471228a622518942bd0da01aa2c1bf0ebf15f2614
                                                                            • Instruction Fuzzy Hash: 8FD18371A087019FC706DF24C480A6ABBE5FF89718F11885DF98A9B361DB31ED05CB92
                                                                            APIs
                                                                              • Part of subcall function 003A0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003A0FCA
                                                                              • Part of subcall function 003A0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003A0FD6
                                                                              • Part of subcall function 003A0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003A0FE5
                                                                              • Part of subcall function 003A0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003A0FEC
                                                                              • Part of subcall function 003A0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003A1002
                                                                            • GetLengthSid.ADVAPI32(?,00000000,003A1335), ref: 003A17AE
                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 003A17BA
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 003A17C1
                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 003A17DA
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,003A1335), ref: 003A17EE
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A17F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                            • String ID:
                                                                            • API String ID: 3008561057-0
                                                                            • Opcode ID: d8f30255b438925e4ec8687a5360531d59296c555023ef7cf8a6fda1e9138ac0
                                                                            • Instruction ID: 8537bbce19202fd854eac356b7c7b857d6e9174cc90a7577143c2331f4505670
                                                                            • Opcode Fuzzy Hash: d8f30255b438925e4ec8687a5360531d59296c555023ef7cf8a6fda1e9138ac0
                                                                            • Instruction Fuzzy Hash: 1011BB32621216FFDB229FA4DC49FAE7BADEB42355F105019F481A7290C736A940CB60
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 003A14FF
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 003A1506
                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 003A1515
                                                                            • CloseHandle.KERNEL32(00000004), ref: 003A1520
                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003A154F
                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 003A1563
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                            • String ID:
                                                                            • API String ID: 1413079979-0
                                                                            • Opcode ID: 57aabb9fdfd9ee17ef63620bbfe9fca228c3f1df44397ed8b800dbbf31dafdf7
                                                                            • Instruction ID: 0299545a56ac6c06a0cbbc12c257ef2bc566b7b7bee8ee9a0654b4fa007e21cb
                                                                            • Opcode Fuzzy Hash: 57aabb9fdfd9ee17ef63620bbfe9fca228c3f1df44397ed8b800dbbf31dafdf7
                                                                            • Instruction Fuzzy Hash: E711267251120AAFDF128FA8ED49BDE7BADEF4A744F054125FA05A20A0C375CE60DB60
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,00363379,00362FE5), ref: 00363390
                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0036339E
                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003633B7
                                                                            • SetLastError.KERNEL32(00000000,?,00363379,00362FE5), ref: 00363409
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLastValue___vcrt_
                                                                            • String ID:
                                                                            • API String ID: 3852720340-0
                                                                            • Opcode ID: a63068fb15024df40ba050b04605725c2894a6409e3f5761324c156e583fa472
                                                                            • Instruction ID: d27ad6bfe0b8a7302133d76e1519cfdb64bc9971ae80f11773984a2cffd54b30
                                                                            • Opcode Fuzzy Hash: a63068fb15024df40ba050b04605725c2894a6409e3f5761324c156e583fa472
                                                                            • Instruction Fuzzy Hash: 3B012436609311BEEB2727B5BDC55672AA8EB05379730833AF410992F8EF214D11D548
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,00375686,00383CD6,?,00000000,?,00375B6A,?,?,?,?,?,0036E6D1,?,00408A48), ref: 00372D78
                                                                            • _free.LIBCMT ref: 00372DAB
                                                                            • _free.LIBCMT ref: 00372DD3
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0036E6D1,?,00408A48,00000010,00344F4A,?,?,00000000,00383CD6), ref: 00372DE0
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0036E6D1,?,00408A48,00000010,00344F4A,?,?,00000000,00383CD6), ref: 00372DEC
                                                                            • _abort.LIBCMT ref: 00372DF2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$_free$_abort
                                                                            • String ID:
                                                                            • API String ID: 3160817290-0
                                                                            • Opcode ID: afbaa5d6fa8ad51e67f5fb1dab97974f3bb937fc1f19814df6d273ebacc7d8d1
                                                                            • Instruction ID: 672df9f7ec762b14c5a18646f516866b9645fc7f449dbed8e57394dcca39993a
                                                                            • Opcode Fuzzy Hash: afbaa5d6fa8ad51e67f5fb1dab97974f3bb937fc1f19814df6d273ebacc7d8d1
                                                                            • Instruction Fuzzy Hash: 60F0C83594560177C7332778BC06E5B266DAFC27A1F26C51DF83CAA1D6EF3C88419560
                                                                            APIs
                                                                              • Part of subcall function 00359639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00359693
                                                                              • Part of subcall function 00359639: SelectObject.GDI32(?,00000000), ref: 003596A2
                                                                              • Part of subcall function 00359639: BeginPath.GDI32(?), ref: 003596B9
                                                                              • Part of subcall function 00359639: SelectObject.GDI32(?,00000000), ref: 003596E2
                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 003D8A4E
                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 003D8A62
                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 003D8A70
                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 003D8A80
                                                                            • EndPath.GDI32(?), ref: 003D8A90
                                                                            • StrokePath.GDI32(?), ref: 003D8AA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                            • String ID:
                                                                            • API String ID: 43455801-0
                                                                            • Opcode ID: a9429a4173c02161bb885127caa6f4fc8aee0e680d89cdbc0596de50c48c944d
                                                                            • Instruction ID: bd2b9377e28705cb67c2dc3c01aa6c1c4aeb2f42bfdae1a0935e948aa624673d
                                                                            • Opcode Fuzzy Hash: a9429a4173c02161bb885127caa6f4fc8aee0e680d89cdbc0596de50c48c944d
                                                                            • Instruction Fuzzy Hash: 4C110576011149FFEF129F90EC88EEA7F6CEB08350F008022BA199A1A1C771AD55DBA0
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 003A5218
                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 003A5229
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003A5230
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 003A5238
                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 003A524F
                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 003A5261
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CapsDevice$Release
                                                                            • String ID:
                                                                            • API String ID: 1035833867-0
                                                                            • Opcode ID: 9776c559a17087fb628bd802a4a2092d4dd414a4fd48821aa258c837d593aee5
                                                                            • Instruction ID: 89f95d1b40aca86a16dfec3984ebbe57581d2ed480f114732476669407decc3e
                                                                            • Opcode Fuzzy Hash: 9776c559a17087fb628bd802a4a2092d4dd414a4fd48821aa258c837d593aee5
                                                                            • Instruction Fuzzy Hash: F8018F75E11719BBEB119BA59C49B4EBFB8EF48351F084066FA04AB280D670D800CBA0
                                                                            APIs
                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00341BF4
                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00341BFC
                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00341C07
                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00341C12
                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00341C1A
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00341C22
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Virtual
                                                                            • String ID:
                                                                            • API String ID: 4278518827-0
                                                                            • Opcode ID: b93b131f846331f39d19f2a8cc313dc89475f99894abe6915526237d77910694
                                                                            • Instruction ID: eea22b97b11070f2a7b8cb58b575ca73e755f3abd99df3d78a05cec913827947
                                                                            • Opcode Fuzzy Hash: b93b131f846331f39d19f2a8cc313dc89475f99894abe6915526237d77910694
                                                                            • Instruction Fuzzy Hash: A00167B0902B5ABDE3008F6A8C85B52FFA8FF19354F04411BA15C4BA42C7F5A864CBE5
                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 003AEB30
                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 003AEB46
                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 003AEB55
                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003AEB64
                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003AEB6E
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003AEB75
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 839392675-0
                                                                            APIs
                                                                            • GetClientRect.USER32(?), ref: 00397452
                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00397469
                                                                            • GetWindowDC.USER32(?), ref: 00397475
                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00397484
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00397496
                                                                            • GetSysColor.USER32(00000005), ref: 003974B0
                                                                            Similarity
                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                            • String ID:
                                                                            • API String ID: 272304278-0
                                                                            APIs
                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 003A187F
                                                                            • UnloadUserProfile.USERENV(?,?), ref: 003A188B
                                                                            • CloseHandle.KERNEL32(?), ref: 003A1894
                                                                            • CloseHandle.KERNEL32(?), ref: 003A189C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 003A18A5
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A18AC
                                                                            Similarity
                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                            • String ID:
                                                                            • API String ID: 146765662-0
                                                                            APIs
                                                                            • __Init_thread_footer.LIBCMT ref: 0034BEB3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Init_thread_footer
                                                                            • String ID: D%A$D%A$D%A$D%AD%A
                                                                            • API String ID: 1385522511-1146282348
                                                                            APIs
                                                                              • Part of subcall function 00360242: EnterCriticalSection.KERNEL32(0041070C,00411884,?,?,0035198B,00412518,?,?,?,003412F9,00000000), ref: 0036024D
                                                                              • Part of subcall function 00360242: LeaveCriticalSection.KERNEL32(0041070C,?,0035198B,00412518,?,?,?,003412F9,00000000), ref: 0036028A
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003600A3: __onexit.LIBCMT ref: 003600A9
                                                                            • __Init_thread_footer.LIBCMT ref: 003C7BFB
                                                                              • Part of subcall function 003601F8: EnterCriticalSection.KERNEL32(0041070C,?,?,00358747,00412514), ref: 00360202
                                                                              • Part of subcall function 003601F8: LeaveCriticalSection.KERNEL32(0041070C,?,00358747,00412514), ref: 00360235
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                            • String ID: +T9$5$G$Variable must be of type 'Object'.
                                                                            • API String ID: 535116098-3698753954
                                                                            APIs
                                                                              • Part of subcall function 00347620: _wcslen.LIBCMT ref: 00347625
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003AC6EE
                                                                            • _wcslen.LIBCMT ref: 003AC735
                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003AC79C
                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 003AC7CA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                            • String ID: 0
                                                                            • API String ID: 1227352736-4108050209
                                                                            APIs
                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003A7206
                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 003A723C
                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 003A724D
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003A72CF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                            • String ID: DllGetClassObject
                                                                            • API String ID: 753597075-1075368562
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003D3E35
                                                                            • IsMenu.USER32(?), ref: 003D3E4A
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003D3E92
                                                                            • DrawMenuBar.USER32 ref: 003D3EA5
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                            • String ID: 0
                                                                            • API String ID: 3076010158-4108050209
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003A3CCA
                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 003A1E66
                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 003A1E79
                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 003A1EA9
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 2081771294-1403004172
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                            • API String ID: 176396367-4004644295
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 003D2F8D
                                                                            • LoadLibraryW.KERNEL32(?), ref: 003D2F94
                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 003D2FA9
                                                                            • DestroyWindow.USER32(?), ref: 003D2FB1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                            • String ID: SysAnimate32
                                                                            • API String ID: 3529120543-1011021900
                                                                            APIs
                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00364D1E,003728E9,?,00364CBE,003728E9,004088B8,0000000C,00364E15,003728E9,00000002), ref: 00364D8D
                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00364DA0
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00364D1E,003728E9,?,00364CBE,003728E9,004088B8,0000000C,00364E15,003728E9,00000002,00000000), ref: 00364DC3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                            • API String ID: 4061214504-1276376045
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00344EDD,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344E9C
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00344EAE
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00344EDD,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344EC0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-3689287502
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00383CDE,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344E62
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00344E74
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00383CDE,?,00411418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00344E87
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-1355242751
                                                                            APIs
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003B2C05
                                                                            • DeleteFileW.KERNEL32(?), ref: 003B2C87
                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003B2C9D
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003B2CAE
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003B2CC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: File$Delete$Copy
                                                                            • String ID:
                                                                            • API String ID: 3226157194-0
                                                                            APIs
                                                                            • GetCurrentProcessId.KERNEL32 ref: 003CA427
                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 003CA435
                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 003CA468
                                                                            • CloseHandle.KERNEL32(?), ref: 003CA63D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 3488606520-0
                                                                            APIs
                                                                              • Part of subcall function 003ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003ACF22,?), ref: 003ADDFD
                                                                              • Part of subcall function 003ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003ACF22,?), ref: 003ADE16
                                                                              • Part of subcall function 003AE199: GetFileAttributesW.KERNEL32(?,003ACF95), ref: 003AE19A
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 003AE473
                                                                            • MoveFileW.KERNEL32(?,?), ref: 003AE4AC
                                                                            • _wcslen.LIBCMT ref: 003AE5EB
                                                                            • _wcslen.LIBCMT ref: 003AE603
                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 003AE650
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3183298772-0
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003CB6AE,?,?), ref: 003CC9B5
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CC9F1
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA68
                                                                              • Part of subcall function 003CC998: _wcslen.LIBCMT ref: 003CCA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003CBAA5
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003CBB00
                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 003CBB63
                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 003CBBA6
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 003CBBB3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 826366716-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 003A8BCD
                                                                            • VariantClear.OLEAUT32 ref: 003A8C3E
                                                                            • VariantClear.OLEAUT32 ref: 003A8C9D
                                                                            • VariantClear.OLEAUT32(?), ref: 003A8D10
                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 003A8D3B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                            • String ID:
                                                                            • API String ID: 4136290138-0
                                                                            APIs
                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 003B8BAE
                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 003B8BDA
                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 003B8C32
                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003B8C57
                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003B8C5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                            • String ID:
                                                                            • API String ID: 2832842796-0
                                                                            APIs
                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 003C8F40
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 003C8FD0
                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 003C8FEC
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 003C9032
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 003C9052
                                                                              • Part of subcall function 0035F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,003B1043,?,753CE610), ref: 0035F6E6
                                                                              • Part of subcall function 0035F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0039FA64,00000000,00000000,?,?,003B1043,?,753CE610,?,0039FA64), ref: 0035F70D
                                                                            Similarity
                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                            • String ID:
                                                                            • API String ID: 666041331-0
                                                                            APIs
                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 003D6C33
                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 003D6C4A
                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 003D6C73
                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,003BAB79,00000000,00000000), ref: 003D6C98
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 003D6CC7
                                                                            Similarity
                                                                            • API ID: Window$Long$MessageSendShow
                                                                            • String ID:
                                                                            • API String ID: 3688381893-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 00359141
                                                                            • ScreenToClient.USER32(00000000,?), ref: 0035915E
                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00359183
                                                                            • GetAsyncKeyState.USER32(00000002), ref: 0035919D
                                                                            Similarity
                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                            • String ID:
                                                                            • API String ID: 4210589936-0
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 003B38CB
                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 003B3922
                                                                            • TranslateMessage.USER32(?), ref: 003B394B
                                                                            • DispatchMessageW.USER32(?), ref: 003B3955
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003B3966
                                                                            Similarity
                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                            • String ID:
                                                                            • API String ID: 2256411358-0
                                                                            APIs
                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 003BCF38
                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 003BCF6F
                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,003BC21E,00000000), ref: 003BCFB4
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,003BC21E,00000000), ref: 003BCFC8
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,003BC21E,00000000), ref: 003BCFF2
                                                                            Similarity
                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                            • String ID:
                                                                            • API String ID: 3191363074-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 003A1915
                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 003A19C1
                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 003A19C9
                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 003A19DA
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 003A19E2
                                                                            Similarity
                                                                            • API ID: MessagePostSleep$RectWindow
                                                                            • String ID:
                                                                            • API String ID: 3382505437-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 003D5745
                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 003D579D
                                                                            • _wcslen.LIBCMT ref: 003D57AF
                                                                            • _wcslen.LIBCMT ref: 003D57BA
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 003D5816
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen
                                                                            • String ID:
                                                                            • API String ID: 763830540-0
                                                                            APIs
                                                                            • IsWindow.USER32(00000000), ref: 003C0951
                                                                            • GetForegroundWindow.USER32 ref: 003C0968
                                                                            • GetDC.USER32(00000000), ref: 003C09A4
                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 003C09B0
                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 003C09E8
                                                                            Similarity
                                                                            • API ID: Window$ForegroundPixelRelease
                                                                            • String ID:
                                                                            • API String ID: 4156661090-0
                                                                            APIs
                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0037CDC6
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0037CDE9
                                                                              • Part of subcall function 00373820: RtlAllocateHeap.NTDLL(00000000,?,00411444,?,0035FDF5,?,?,0034A976,00000010,00411440,003413FC,?,003413C6,?,00341129), ref: 00373852
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0037CE0F
                                                                            • _free.LIBCMT ref: 0037CE22
                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0037CE31
                                                                            Similarity
                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                            • String ID:
                                                                            • API String ID: 336800556-0
                                                                            • Opcode ID: 67d09e84959f00226970bdb8111a17b6c1744a0ca1b4a149b384ed7bd2871d83
                                                                            • Instruction ID: f29744f154021542fcdb9da1f8b631b0c8cf68a2d723ce0f351427088e73752b
                                                                            • Opcode Fuzzy Hash: 67d09e84959f00226970bdb8111a17b6c1744a0ca1b4a149b384ed7bd2871d83
                                                                            • Instruction Fuzzy Hash: C00128726226113F673316B66C48C3B6A6CEFC7BA2315912EF908C7500DA288D01C1B0
                                                                            APIs
                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00359693
                                                                            • SelectObject.GDI32(?,00000000), ref: 003596A2
                                                                            • BeginPath.GDI32(?), ref: 003596B9
                                                                            • SelectObject.GDI32(?,00000000), ref: 003596E2
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            • Opcode ID: 7da836792fa8e91c508f1fef944a941041a8776f3d35b574ba95dfa7b7ac9dfb
                                                                            • Instruction ID: 0e582a41aa1bc799a89d7c8194391772b88deb8b25df5c10a7344294aeb808e8
                                                                            • Opcode Fuzzy Hash: 7da836792fa8e91c508f1fef944a941041a8776f3d35b574ba95dfa7b7ac9dfb
                                                                            • Instruction Fuzzy Hash: FB21AAB0822306DFDB129F14EC15BE97B79BB00326F118227F920961F0D3749859CF98
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            • Opcode ID: 912abbd370e8362ff841575d0eab15afcf96be0a40850f3bea8f060ca524058f
                                                                            • Instruction ID: a8bb463a3b7bbaf0d3c4c04af96ce478c01fd663037a453c348691be9cc1da61
                                                                            • Opcode Fuzzy Hash: 912abbd370e8362ff841575d0eab15afcf96be0a40850f3bea8f060ca524058f
                                                                            • Instruction Fuzzy Hash: EC0196A6641A15BED21A56109D82EFA635CDB223A4B148421FD16AF741F762ED1082A0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,?,0036F2DE,00373863,00411444,?,0035FDF5,?,?,0034A976,00000010,00411440,003413FC,?,003413C6), ref: 00372DFD
                                                                            • _free.LIBCMT ref: 00372E32
                                                                            • _free.LIBCMT ref: 00372E59
                                                                            • SetLastError.KERNEL32(00000000,00341129), ref: 00372E66
                                                                            • SetLastError.KERNEL32(00000000,00341129), ref: 00372E6F
                                                                            Similarity
                                                                            • API ID: ErrorLast$_free
                                                                            • String ID:
                                                                            • API String ID: 3170660625-0
                                                                            • Opcode ID: 6d1e6e8ef60c756c95db1b0b68059d5d29e5dd81679ce4536c96dbd33bbba2bb
                                                                            • Instruction ID: 162e19351e293832f00eb6afb50ce9a2e480fb15d9cee70806a4dec96f4ff3cb
                                                                            • Opcode Fuzzy Hash: 6d1e6e8ef60c756c95db1b0b68059d5d29e5dd81679ce4536c96dbd33bbba2bb
                                                                            • Instruction Fuzzy Hash: 4D01283664560177C73327347C85E2B265DABC63B1F26C529F82DA6AD3EF7C8C418420
                                                                            APIs
                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?,?,?,003A035E), ref: 003A002B
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?,?), ref: 003A0046
                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?,?), ref: 003A0054
                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?), ref: 003A0064
                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0039FF41,80070057,?,?), ref: 003A0070
                                                                            Similarity
                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3897988419-0
                                                                            • Opcode ID: 25b1e54a7d46763ae8b545b844843cde855d7d6afeca7bdfaa266df5c4fc95d8
                                                                            • Instruction ID: 90317e5a62cc6bb6212c69bb9f08e7546f8d13427e893557e718bcacf362d6fc
                                                                            • Opcode Fuzzy Hash: 25b1e54a7d46763ae8b545b844843cde855d7d6afeca7bdfaa266df5c4fc95d8
                                                                            • Instruction Fuzzy Hash: BA01DB72621205BFDB168F68EC04FAA7BAEEB49392F104125F905D2210E774CD00DBA0
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 003AE997
                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 003AE9A5
                                                                            • Sleep.KERNEL32(00000000), ref: 003AE9AD
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 003AE9B7
                                                                            • Sleep.KERNEL32 ref: 003AE9F3
                                                                            Similarity
                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                            • String ID:
                                                                            • API String ID: 2833360925-0
                                                                            • Opcode ID: d89342ee99e18af9bf9620b738b52478bc15c93ffef2242cd581c38f3b7da4ac
                                                                            • Instruction ID: ad042039c8d567658c23447a5527800d822bd01b772f34a40e5cdfdbf22d31df
                                                                            • Opcode Fuzzy Hash: d89342ee99e18af9bf9620b738b52478bc15c93ffef2242cd581c38f3b7da4ac
                                                                            • Instruction Fuzzy Hash: 3F012D31C1162ADBCF02AFE5EC59AEEBB7CFF0A701F01055AE502B2141CB389555C761
                                                                            APIs
                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003A1114
                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A1120
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A112F
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,003A0B9B,?,?,?), ref: 003A1136
                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003A114D
                                                                            Similarity
                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 842720411-0
                                                                            • Opcode ID: 00bf7259f47eb065323ae98ceedbebe7c1a0581e2a18df4557ae1fd4e962250e
                                                                            • Instruction ID: 91f4972fb37aa93431a65efe0c88789d1ecc9c12ffe183106b0cf49d761af514
                                                                            • Opcode Fuzzy Hash: 00bf7259f47eb065323ae98ceedbebe7c1a0581e2a18df4557ae1fd4e962250e
                                                                            • Instruction Fuzzy Hash: D3016D75111216BFDB124F64EC49A6A3B6EEF86364F110415FA41C3350DA31DC00DA60
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003A0FCA
                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003A0FD6
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003A0FE5
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003A0FEC
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003A1002
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            • Opcode ID: 3f525efd0ed4cc719a70810f5ae7814d45d2579b1e50fbe83c45ab2ecf0e3fef
                                                                            • Instruction ID: fd4162ac161138e2c5c6e03bf2c3aab7344e316c020231907ee6c3bb5c73188c
                                                                            • Opcode Fuzzy Hash: 3f525efd0ed4cc719a70810f5ae7814d45d2579b1e50fbe83c45ab2ecf0e3fef
                                                                            • Instruction Fuzzy Hash: DDF06D39261312EBDB224FA4EC4DF563BADEF8A762F154416FA45C7291CA70DC40CA60
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003A102A
                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003A1036
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003A1045
                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003A104C
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003A1062
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            • Opcode ID: 52483090e029549567a4b9e0688fe232e70d2708fb09036dfc1707f2ca36c4d4
                                                                            • Instruction ID: a6d1b031ed834ae8410d0a4bab79c4cb9f2c4cfbb6d8f1366128c0dd5355710f
                                                                            • Opcode Fuzzy Hash: 52483090e029549567a4b9e0688fe232e70d2708fb09036dfc1707f2ca36c4d4
                                                                            • Instruction Fuzzy Hash: 38F06D39261312EBDB235FA4EC49F563BADEF8A761F150416FA45C7290CA74D840CA60
                                                                            APIs
                                                                            • CloseHandle.KERNEL32(?,?,?,?,003B017D,?,003B32FC,?,00000001,00382592,?), ref: 003B0324
                                                                            • CloseHandle.KERNEL32(?,?,?,?,003B017D,?,003B32FC,?,00000001,00382592,?), ref: 003B0331
                                                                            • CloseHandle.KERNEL32(?,?,?,?,003B017D,?,003B32FC,?,00000001,00382592,?), ref: 003B033E
                                                                            • CloseHandle.KERNEL32(?,?,?,?,003B017D,?,003B32FC,?,00000001,00382592,?), ref: 003B034B
                                                                            • CloseHandle.KERNEL32(?,?,?,?,003B017D,?,003B32FC,?,00000001,00382592,?), ref: 003B0358
                                                                            • CloseHandle.KERNEL32(?,?,?,?,003B017D,?,003B32FC,?,00000001,00382592,?), ref: 003B0365
                                                                            Similarity
                                                                            • API ID: CloseHandle
                                                                            • String ID:
                                                                            • API String ID: 2962429428-0
                                                                            • Opcode ID: 8f9fcbd64347be80e7b5705d367450eab5c6d183773addf9b9a910a4703745a1
                                                                            • Instruction ID: 9cc7f4cf4b84d2db252dc20ab471ba8db488c25c301b239d58f81c593e7a8719
                                                                            • Opcode Fuzzy Hash: 8f9fcbd64347be80e7b5705d367450eab5c6d183773addf9b9a910a4703745a1
                                                                            • Instruction Fuzzy Hash: D701E276800B058FC7329F66D880447F7F9BF503093068A3FD29A52930C370A944CF80
                                                                            APIs
                                                                            • _free.LIBCMT ref: 0037D752
                                                                              • Part of subcall function 003729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000), ref: 003729DE
                                                                              • Part of subcall function 003729C8: GetLastError.KERNEL32(00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000,00000000), ref: 003729F0
                                                                            • _free.LIBCMT ref: 0037D764
                                                                            • _free.LIBCMT ref: 0037D776
                                                                            • _free.LIBCMT ref: 0037D788
                                                                            • _free.LIBCMT ref: 0037D79A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 003A5C58
                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 003A5C6F
                                                                            • MessageBeep.USER32(00000000), ref: 003A5C87
                                                                            • KillTimer.USER32(?,0000040A), ref: 003A5CA3
                                                                            • EndDialog.USER32(?,00000001), ref: 003A5CBD
                                                                            Similarity
                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 3741023627-0
                                                                            APIs
                                                                            • _free.LIBCMT ref: 003722BE
                                                                              • Part of subcall function 003729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000), ref: 003729DE
                                                                              • Part of subcall function 003729C8: GetLastError.KERNEL32(00000000,?,0037D7D1,00000000,00000000,00000000,00000000,?,0037D7F8,00000000,00000007,00000000,?,0037DBF5,00000000,00000000), ref: 003729F0
                                                                            • _free.LIBCMT ref: 003722D0
                                                                            • _free.LIBCMT ref: 003722E3
                                                                            • _free.LIBCMT ref: 003722F4
                                                                            • _free.LIBCMT ref: 00372305
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • EndPath.GDI32(?), ref: 003595D4
                                                                            • StrokeAndFillPath.GDI32(?,?,003971F7,00000000,?,?,?), ref: 003595F0
                                                                            • SelectObject.GDI32(?,00000000), ref: 00359603
                                                                            • DeleteObject.GDI32 ref: 00359616
                                                                            • StrokePath.GDI32(?), ref: 00359631
                                                                            Similarity
                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                            • String ID:
                                                                            • API String ID: 2625713937-0
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __freea$_free
                                                                            • String ID: a/p$am/pm
                                                                            • API String ID: 3432400110-3206640213
                                                                            APIs
                                                                              • Part of subcall function 00360242: EnterCriticalSection.KERNEL32(0041070C,00411884,?,?,0035198B,00412518,?,?,?,003412F9,00000000), ref: 0036024D
                                                                              • Part of subcall function 00360242: LeaveCriticalSection.KERNEL32(0041070C,?,0035198B,00412518,?,?,?,003412F9,00000000), ref: 0036028A
                                                                              • Part of subcall function 003600A3: __onexit.LIBCMT ref: 003600A9
                                                                            • __Init_thread_footer.LIBCMT ref: 003C6238
                                                                              • Part of subcall function 003601F8: EnterCriticalSection.KERNEL32(0041070C,?,?,00358747,00412514), ref: 00360202
                                                                              • Part of subcall function 003601F8: LeaveCriticalSection.KERNEL32(0041070C,?,00358747,00412514), ref: 00360235
                                                                              • Part of subcall function 003B359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003B35E4
                                                                              • Part of subcall function 003B359C: LoadStringW.USER32(00412390,?,00000FFF,?), ref: 003B360A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                            • String ID: x#A$x#A$x#A
                                                                            • API String ID: 1072379062-3459604138
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: JO4
                                                                            • API String ID: 0-3558438523
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00378B6E
                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00378B7A
                                                                            • __dosmaperr.LIBCMT ref: 00378B81
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                            • String ID: .6
                                                                            • API String ID: 2434981716-1713163095
                                                                            APIs
                                                                              • Part of subcall function 003AB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003A21D0,?,?,00000034,00000800,?,00000034), ref: 003AB42D
                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 003A2760
                                                                              • Part of subcall function 003AB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003A21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 003AB3F8
                                                                              • Part of subcall function 003AB32A: GetWindowThreadProcessId.USER32(?,?), ref: 003AB355
                                                                              • Part of subcall function 003AB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,003A2194,00000034,?,?,00001004,00000000,00000000), ref: 003AB365
                                                                              • Part of subcall function 003AB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,003A2194,00000034,?,?,00001004,00000000,00000000), ref: 003AB37B
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003A27CD
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003A281A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                            • String ID: @
                                                                            • API String ID: 4150878124-2766056989
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00371769
                                                                            • _free.LIBCMT ref: 00371834
                                                                            • _free.LIBCMT ref: 0037183E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _free$FileModuleName
                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                            • API String ID: 2506810119-1957095476
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 003AC306
                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 003AC34C
                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00411990,014E4860), ref: 003AC395
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Delete$InfoItem
                                                                            • String ID: 0
                                                                            • API String ID: 135850232-4108050209
                                                                            APIs
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,003DCC08,00000000,?,?,?,?), ref: 003D44AA
                                                                            • GetWindowLongW.USER32 ref: 003D44C7
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003D44D7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID: SysTreeView32
                                                                            • API String ID: 847901565-1698111956
                                                                            APIs
                                                                            • SysReAllocString.OLEAUT32(?,?), ref: 003A6EED
                                                                            • VariantCopyInd.OLEAUT32(?,?), ref: 003A6F08
                                                                            • VariantClear.OLEAUT32(?), ref: 003A6F12
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$AllocClearCopyString
                                                                            • String ID: *j:
                                                                            • API String ID: 2173805711-2474983611
                                                                            APIs
                                                                              • Part of subcall function 003C335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,003C3077,?,?), ref: 003C3378
                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003C307A
                                                                            • _wcslen.LIBCMT ref: 003C309B
                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 003C3106
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                            • String ID: 255.255.255.255
                                                                            • API String ID: 946324512-2422070025
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 003D3F40
                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 003D3F54
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 003D3F78
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window
                                                                            • String ID: SysMonthCal32
                                                                            • API String ID: 2326795674-1439706946
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 003D4705
                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 003D4713
                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 003D471A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyWindow
                                                                            • String ID: msctls_updown32
                                                                            • API String ID: 4014797782-2298589950
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                            • API String ID: 176396367-2734436370
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 003D3840
                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 003D3850
                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 003D3876
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$MoveWindow
                                                                            • String ID: Listbox
                                                                            • API String ID: 3315199576-2633736733
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 003B4A08
                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 003B4A5C
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,003DCC08), ref: 003B4AD0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorMode$InformationVolume
                                                                            • String ID: %lu
                                                                            • API String ID: 2507767853-685833217
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 003D424F
                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 003D4264
                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 003D4271
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: msctls_trackbar32
                                                                            • API String ID: 3850602802-1010561917
                                                                            APIs
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                              • Part of subcall function 003A2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003A2DC5
                                                                              • Part of subcall function 003A2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 003A2DD6
                                                                              • Part of subcall function 003A2DA7: GetCurrentThreadId.KERNEL32 ref: 003A2DDD
                                                                              • Part of subcall function 003A2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 003A2DE4
                                                                            • GetFocus.USER32 ref: 003A2F78
                                                                              • Part of subcall function 003A2DEE: GetParent.USER32(00000000), ref: 003A2DF9
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 003A2FC3
                                                                            • EnumChildWindows.USER32(?,003A303B), ref: 003A2FEB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                            • String ID: %s%d
                                                                            • API String ID: 1272988791-1110647743
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003D58C1
                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003D58EE
                                                                            • DrawMenuBar.USER32(?), ref: 003D58FD
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$InfoItem$Draw
                                                                            • String ID: 0
                                                                            • API String ID: 3227129158-4108050209
                                                                            APIs
                                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0039D3BF
                                                                            • FreeLibrary.KERNEL32 ref: 0039D3E5
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AddressFreeLibraryProc
                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                            • API String ID: 3013587201-2590602151
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                            • String ID:
                                                                            • API String ID: 1998397398-0
                                                                            APIs
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,003DFC08,?), ref: 003A05F0
                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,003DFC08,?), ref: 003A0608
                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,003DCC40,000000FF,?,00000000,00000800,00000000,?,003DFC08,?), ref: 003A062D
                                                                            • _memcmp.LIBVCRUNTIME ref: 003A064E
                                                                            Similarity
                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                            • String ID:
                                                                            • API String ID: 314563124-0
                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 003CA6AC
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 003CA6BA
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 003CA79C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 003CA7AB
                                                                              • Part of subcall function 0035CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00383303,?), ref: 0035CE8A
                                                                            Similarity
                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                            • String ID:
                                                                            • API String ID: 1991900642-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 003D62E2
                                                                            • ScreenToClient.USER32(?,?), ref: 003D6315
                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 003D6382
                                                                            Similarity
                                                                            • API ID: Window$ClientMoveRectScreen
                                                                            • String ID:
                                                                            • API String ID: 3880355969-0
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 003C1AFD
                                                                            • WSAGetLastError.WSOCK32 ref: 003C1B0B
                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 003C1B8A
                                                                            • WSAGetLastError.WSOCK32 ref: 003C1B94
                                                                            Similarity
                                                                            • API ID: ErrorLast$socket
                                                                            • String ID:
                                                                            • API String ID: 1881357543-0
                                                                            APIs
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003B5783
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 003B57A9
                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003B57CE
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003B57FA
                                                                            Similarity
                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 3321077145-0
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00366D71,00000000,00000000,003682D9,?,003682D9,?,00000001,00366D71,?,00000001,003682D9,003682D9), ref: 0037D910
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0037D999
                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0037D9AB
                                                                            • __freea.LIBCMT ref: 0037D9B4
                                                                              • Part of subcall function 00373820: RtlAllocateHeap.NTDLL(00000000,?,00411444,?,0035FDF5,?,?,0034A976,00000010,00411440,003413FC,?,003413C6,?,00341129), ref: 00373852
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                            • String ID:
                                                                            • API String ID: 2652629310-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 003D5352
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D5375
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003D5382
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003D53A8
                                                                            Similarity
                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                            • String ID:
                                                                            • API String ID: 3340791633-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 003AABF1
                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 003AAC0D
                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 003AAC74
                                                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 003AACC6
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            APIs
                                                                            • ClientToScreen.USER32(?,?), ref: 003D769A
                                                                            • GetWindowRect.USER32(?,?), ref: 003D7710
                                                                            • PtInRect.USER32(?,?,003D8B89), ref: 003D7720
                                                                            • MessageBeep.USER32(00000000), ref: 003D778C
                                                                            Similarity
                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 1352109105-0
                                                                            APIs
                                                                            • GetForegroundWindow.USER32 ref: 003D16EB
                                                                              • Part of subcall function 003A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 003A3A57
                                                                              • Part of subcall function 003A3A3D: GetCurrentThreadId.KERNEL32 ref: 003A3A5E
                                                                              • Part of subcall function 003A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003A25B3), ref: 003A3A65
                                                                            • GetCaretPos.USER32(?), ref: 003D16FF
                                                                            • ClientToScreen.USER32(00000000,?), ref: 003D174C
                                                                            • GetForegroundWindow.USER32 ref: 003D1752
                                                                            Similarity
                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                            • String ID:
                                                                            • API String ID: 2759813231-0
                                                                            APIs
                                                                              • Part of subcall function 00347620: _wcslen.LIBCMT ref: 00347625
                                                                            • _wcslen.LIBCMT ref: 003ADFCB
                                                                            • _wcslen.LIBCMT ref: 003ADFE2
                                                                            • _wcslen.LIBCMT ref: 003AE00D
                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 003AE018
                                                                            Similarity
                                                                            • API ID: _wcslen$ExtentPoint32Text
                                                                            • String ID:
                                                                            • API String ID: 3763101759-0
                                                                            APIs
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            • GetCursorPos.USER32(?), ref: 003D9001
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00397711,?,?,?,?,?), ref: 003D9016
                                                                            • GetCursorPos.USER32(?), ref: 003D905E
                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00397711,?,?,?), ref: 003D9094
                                                                            Similarity
                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                            • String ID:
                                                                            • API String ID: 2864067406-0
                                                                            APIs
                                                                            • GetFileAttributesW.KERNEL32(?,003DCB68), ref: 003AD2FB
                                                                            • GetLastError.KERNEL32 ref: 003AD30A
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 003AD319
                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,003DCB68), ref: 003AD376
                                                                            Similarity
                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 2267087916-0
                                                                            APIs
                                                                              • Part of subcall function 003A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003A102A
                                                                              • Part of subcall function 003A1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003A1036
                                                                              • Part of subcall function 003A1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003A1045
                                                                              • Part of subcall function 003A1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003A104C
                                                                              • Part of subcall function 003A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003A1062
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 003A15BE
                                                                            • _memcmp.LIBVCRUNTIME ref: 003A15E1
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003A1617
                                                                            • HeapFree.KERNEL32(00000000), ref: 003A161E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                            • String ID:
                                                                            • API String ID: 1592001646-0
                                                                            • Opcode ID: a53d48def35ea7a40159a18c65ca06c75f64cb03d0e0abf0f003630595a61dfb
                                                                            • Instruction ID: 43e0f4193f1d0bfce724715691d0abbf2512f8acec8fb00102cd76e430cbb589
                                                                            • Opcode Fuzzy Hash: a53d48def35ea7a40159a18c65ca06c75f64cb03d0e0abf0f003630595a61dfb
                                                                            • Instruction Fuzzy Hash: 3E21AC31E51109EFDF11DFA4C945BEEB7B8EF46344F198459E841EB251E730AA05CBA0
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 003D280A
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003D2824
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003D2832
                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 003D2840
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Long$AttributesLayered
                                                                            • String ID:
                                                                            • API String ID: 2169480361-0
                                                                            • Opcode ID: cc13f8dbe8cb4f0bf905f00be2d34d3e294ea5f78249e520eef9aadb4a658ea4
                                                                            • Instruction ID: dc79135096b67ccf3f11894a847a37ad6f5627c806efabf805f93730c93c2ed0
                                                                            • Opcode Fuzzy Hash: cc13f8dbe8cb4f0bf905f00be2d34d3e294ea5f78249e520eef9aadb4a658ea4
                                                                            • Instruction Fuzzy Hash: 4E210632215111AFD7169B24E844F6BB79AEF56324F14815AF4268F7E2CB71FC42C790
                                                                            APIs
                                                                              • Part of subcall function 003A8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,003A790A,?,000000FF,?,003A8754,00000000,?,0000001C,?,?), ref: 003A8D8C
                                                                              • Part of subcall function 003A8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 003A8DB2
                                                                              • Part of subcall function 003A8D7D: lstrcmpiW.KERNEL32(00000000,?,003A790A,?,000000FF,?,003A8754,00000000,?,0000001C,?,?), ref: 003A8DE3
                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,003A8754,00000000,?,0000001C,?,?,00000000), ref: 003A7923
                                                                            • lstrcpyW.KERNEL32(00000000,?), ref: 003A7949
                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,003A8754,00000000,?,0000001C,?,?,00000000), ref: 003A7984
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                            • String ID: cdecl
                                                                            • API String ID: 4031866154-3896280584
                                                                            • Opcode ID: 12bea12ba83d810ca8e08e9ce6289bdf3e21588eae6ce1235e91f048e70fdb0f
                                                                            • Instruction ID: 06a6d27922125bc36bf3583643dce575f37d7e07007e8a35a6f3cb288c967324
                                                                            • Opcode Fuzzy Hash: 12bea12ba83d810ca8e08e9ce6289bdf3e21588eae6ce1235e91f048e70fdb0f
                                                                            • Instruction Fuzzy Hash: 1511D63A211242AFDB169F34DC45E7B77A9FF46350B50402FF946CB2A4EB319811C791
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 003D7D0B
                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 003D7D2A
                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 003D7D42
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,003BB7AD,00000000), ref: 003D7D6B
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID:
                                                                            • API String ID: 847901565-0
                                                                            • Opcode ID: f818df69ecef76aeb48bb77cb01d881a63123bad95f6766b4f6e65008b2fa0cf
                                                                            • Instruction ID: 6e33c843896defb1642d34b6a8c2d58dd53fc5f91b9ad4e7a6c5807538df9eb8
                                                                            • Opcode Fuzzy Hash: f818df69ecef76aeb48bb77cb01d881a63123bad95f6766b4f6e65008b2fa0cf
                                                                            • Instruction Fuzzy Hash: A311A5326256159FCB129F28EC04EA63BAAAF45370F158726F935C72F0E7309951DB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 003D56BB
                                                                            • _wcslen.LIBCMT ref: 003D56CD
                                                                            • _wcslen.LIBCMT ref: 003D56D8
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 003D5816
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend_wcslen
                                                                            • String ID:
                                                                            • API String ID: 455545452-0
                                                                            • Opcode ID: 9d86986cfabf9a1a0ebf551076ebb7039ccdb658a09bc2cb03d206dafe961ad1
                                                                            • Instruction ID: 951de1e93d2f3e5187743c6f42bffc2a8b7c6f7d24d516302ae85729dc46187f
                                                                            • Opcode Fuzzy Hash: 9d86986cfabf9a1a0ebf551076ebb7039ccdb658a09bc2cb03d206dafe961ad1
                                                                            • Instruction Fuzzy Hash: 4511D676A0460896DB229F65EC85AFE77BCEF10760F10802BF915D6281EB70C984CF64
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8e6c997b2afe498949576643f6f71b734a8e4b5b11c21ff12a02059aa66736e4
                                                                            • Instruction ID: 1cf39c4c4d502cec897a7662308c531322ebb99b57f7e769ab702154ed7c0432
                                                                            • Opcode Fuzzy Hash: 8e6c997b2afe498949576643f6f71b734a8e4b5b11c21ff12a02059aa66736e4
                                                                            • Instruction Fuzzy Hash: ED017CB32156163EEA3316787CC1F77665CEF423B8F35832AF529A51D2DB688C405560
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 003A1A47
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003A1A59
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003A1A6F
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003A1A8A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            • Opcode ID: ef40ec7498241ab9fc51e3f0bd27f470c03b896107a33597e7c226e38ec97493
                                                                            • Instruction ID: 9956f6e4b22bac0f98fd32790fa9c902f9138a0dcc3ce6c07b955aa8085ca08b
                                                                            • Opcode Fuzzy Hash: ef40ec7498241ab9fc51e3f0bd27f470c03b896107a33597e7c226e38ec97493
                                                                            • Instruction Fuzzy Hash: FF113C3AD01219FFEB11DBA4CD85FADFB78EB05750F200091E600B7290D671AE50DB94
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 003AE1FD
                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 003AE230
                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 003AE246
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 003AE24D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                            • String ID:
                                                                            • API String ID: 2880819207-0
                                                                            • Opcode ID: 3a470e9a626f6ef2d2966a2602abb98312d843f73a7803828c1c777d3fbc5164
                                                                            • Instruction ID: a58fbe9cf072286106e9a81a0b705ea44178bfd02c65b4c54c70edaa6192e1e4
                                                                            • Opcode Fuzzy Hash: 3a470e9a626f6ef2d2966a2602abb98312d843f73a7803828c1c777d3fbc5164
                                                                            • Instruction Fuzzy Hash: 6C11C87691425DBBD712ABA8EC09BDE7FACEB46310F048666F924D3291D674C90487A0
                                                                            APIs
                                                                            • CreateThread.KERNEL32(00000000,?,0036CFF9,00000000,00000004,00000000), ref: 0036D218
                                                                            • GetLastError.KERNEL32 ref: 0036D224
                                                                            • __dosmaperr.LIBCMT ref: 0036D22B
                                                                            • ResumeThread.KERNEL32(00000000), ref: 0036D249
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                            • String ID:
                                                                            • API String ID: 173952441-0
                                                                            • Opcode ID: b9cf4cda66216b0d2884caae4a210de5e0a67195fe963ff38f3cc1c38ed421fb
                                                                            • Instruction ID: 28a9639c0aa056286421d719b78f05696415ff56d84910ebd120ee5598e96cef
                                                                            • Opcode Fuzzy Hash: b9cf4cda66216b0d2884caae4a210de5e0a67195fe963ff38f3cc1c38ed421fb
                                                                            • Instruction Fuzzy Hash: 8E01D636D151047BC7135BA5EC05BAA7B6DEF81330F118619F9259A1D4CB71C941C7A0
                                                                            APIs
                                                                              • Part of subcall function 00359BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00359BB2
                                                                            • GetClientRect.USER32(?,?), ref: 003D9F31
                                                                            • GetCursorPos.USER32(?), ref: 003D9F3B
                                                                            • ScreenToClient.USER32(?,?), ref: 003D9F46
                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 003D9F7A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 4127811313-0
                                                                            • Opcode ID: 5c2aae7fde85fc92f737031356f50b5e4155d2eeb58ae39bac5bbf441f36af00
                                                                            • Instruction ID: a2e3b1d659f306d1d19a90b51f47158f7f550a5a76a776cd6b05299deb0efe9d
                                                                            • Opcode Fuzzy Hash: 5c2aae7fde85fc92f737031356f50b5e4155d2eeb58ae39bac5bbf441f36af00
                                                                            • Instruction Fuzzy Hash: FD11483291011AABDB02DF68E845EEE77BDFB05312F404553F911E7250D330BA95CBA5
                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0034604C
                                                                            • GetStockObject.GDI32(00000011), ref: 00346060
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0034606A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                            APIs
                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00363B56
                                                                              • Part of subcall function 00363AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00363AD2
                                                                              • Part of subcall function 00363AA3: ___AdjustPointer.LIBCMT ref: 00363AED
                                                                            • _UnwindNestedFrames.LIBCMT ref: 00363B6B
                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00363B7C
                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00363BA4
                                                                            Similarity
                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,003413C6,00000000,00000000,?,0037301A,003413C6,00000000,00000000,00000000,?,0037328B,00000006,FlsSetValue), ref: 003730A5
                                                                            • GetLastError.KERNEL32(?,0037301A,003413C6,00000000,00000000,00000000,?,0037328B,00000006,FlsSetValue,003E2290,FlsSetValue,00000000,00000364,?,00372E46), ref: 003730B1
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0037301A,003413C6,00000000,00000000,00000000,?,0037328B,00000006,FlsSetValue,003E2290,FlsSetValue,00000000), ref: 003730BF
                                                                            Similarity
                                                                            • API ID: LibraryLoad$ErrorLast
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 003A747F
                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 003A7497
                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 003A74AC
                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 003A74CA
                                                                            Similarity
                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,003AACD3,?,00008000), ref: 003AB0C4
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,003AACD3,?,00008000), ref: 003AB0E9
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,003AACD3,?,00008000), ref: 003AB0F3
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,003AACD3,?,00008000), ref: 003AB126
                                                                            Similarity
                                                                            • API ID: CounterPerformanceQuerySleep
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 003D7E33
                                                                            • ScreenToClient.USER32(?,?), ref: 003D7E4B
                                                                            • ScreenToClient.USER32(?,?), ref: 003D7E6F
                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 003D7E8A
                                                                            Similarity
                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                            APIs
                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 003A2DC5
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 003A2DD6
                                                                            • GetCurrentThreadId.KERNEL32 ref: 003A2DDD
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 003A2DE4
                                                                            Similarity
                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                            APIs
                                                                              • Part of subcall function 00359639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00359693
                                                                              • Part of subcall function 00359639: SelectObject.GDI32(?,00000000), ref: 003596A2
                                                                              • Part of subcall function 00359639: BeginPath.GDI32(?), ref: 003596B9
                                                                              • Part of subcall function 00359639: SelectObject.GDI32(?,00000000), ref: 003596E2
                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 003D8887
                                                                            • LineTo.GDI32(?,?,?), ref: 003D8894
                                                                            • EndPath.GDI32(?), ref: 003D88A4
                                                                            • StrokePath.GDI32(?), ref: 003D88B2
                                                                            Similarity
                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                            APIs
                                                                            • GetSysColor.USER32(00000008), ref: 003598CC
                                                                            • SetTextColor.GDI32(?,?), ref: 003598D6
                                                                            • SetBkMode.GDI32(?,00000001), ref: 003598E9
                                                                            • GetStockObject.GDI32(00000005), ref: 003598F1
                                                                            Similarity
                                                                            • API ID: Color$ModeObjectStockText
                                                                            APIs
                                                                            • GetCurrentThread.KERNEL32 ref: 003A1634
                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,003A11D9), ref: 003A163B
                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,003A11D9), ref: 003A1648
                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,003A11D9), ref: 003A164F
                                                                            Similarity
                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0039D858
                                                                            • GetDC.USER32(00000000), ref: 0039D862
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0039D882
                                                                            • ReleaseDC.USER32(?), ref: 0039D8A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            • Opcode ID: 7e76772e42068e47d5dfe01506383cd0998d4201767e28b203da32bc8d5ebba4
                                                                            • Instruction ID: da243522d16b4df4c6bac6a5bdb0a22b0e2dbd4893df9df94c7cbedcc6e095df
                                                                            • Opcode Fuzzy Hash: 7e76772e42068e47d5dfe01506383cd0998d4201767e28b203da32bc8d5ebba4
                                                                            • Instruction Fuzzy Hash: CDE01AB0C21206DFCF429FA0E808A6DBBB9FB08311F18A00AE806E7650C7389905EF40
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0039D86C
                                                                            • GetDC.USER32(00000000), ref: 0039D876
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0039D882
                                                                            • ReleaseDC.USER32(?), ref: 0039D8A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            • Opcode ID: 69a1b4429559e517a79b7c26b1ea3d65b34cc9dfc9200b51afe76ad16215ec8c
                                                                            • Instruction ID: bb2351c654763c2939f6c543a119ed5abb8183418200d96fd19645156ed75e6f
                                                                            • Opcode Fuzzy Hash: 69a1b4429559e517a79b7c26b1ea3d65b34cc9dfc9200b51afe76ad16215ec8c
                                                                            • Instruction Fuzzy Hash: 25E09A75C21205DFCB529FA0E80866DBBB9FB08311F18A44AE946E7250C7399905DF50
                                                                            APIs
                                                                              • Part of subcall function 00347620: _wcslen.LIBCMT ref: 00347625
                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 003B4ED4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Connection_wcslen
                                                                            • String ID: *$LPT
                                                                            • API String ID: 1725874428-3443410124
                                                                            • Opcode ID: 873e0da6c58ef5cd8fd12f8cad28355aa496fbfe3a8dc5a346bd98decc034c10
                                                                            • Instruction ID: 0eb38a0759b1eb21b934924d134c25ca2207f0e28f7c5894eb64d26a966a48d3
                                                                            • Opcode Fuzzy Hash: 873e0da6c58ef5cd8fd12f8cad28355aa496fbfe3a8dc5a346bd98decc034c10
                                                                            • Instruction Fuzzy Hash: D3918075A002149FCB16DF58C484EAABBF5BF44308F198099E90A9F763C735ED85CB94
                                                                            APIs
                                                                            • __startOneArgErrorHandling.LIBCMT ref: 0036E30D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorHandling__start
                                                                            • String ID: pow
                                                                            • API String ID: 3213639722-2276729525
                                                                            • Opcode ID: fd65d5a3ad404719e90805af6d94d6d6b2379804570d48b9a18e5c60214a9d7a
                                                                            • Instruction ID: 45ba58e02dd8e61f8e6d48fd5178672b010dab77b0a554041c79c98b8a2e2061
                                                                            • Opcode Fuzzy Hash: fd65d5a3ad404719e90805af6d94d6d6b2379804570d48b9a18e5c60214a9d7a
                                                                            • Instruction Fuzzy Hash: FA517F69A0C10296CB377714C9413BA3BACDB40740F35CD69E0D9877EDDF398C999A86
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(0039569E,00000000,?,003DCC08,?,00000000,00000000), ref: 003C78DD
                                                                              • Part of subcall function 00346B57: _wcslen.LIBCMT ref: 00346B6A
                                                                            • CharUpperBuffW.USER32(0039569E,00000000,?,003DCC08,00000000,?,00000000,00000000), ref: 003C783B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BuffCharUpper$_wcslen
                                                                            • String ID: <s@
                                                                            • API String ID: 3544283678-2701045315
                                                                            • Opcode ID: 6a8d56519b08da7913e41bb8d1e2c55feaefb0adabd395bf81422f3e40cf3405
                                                                            • Instruction ID: 8fcc631bddff1ebb411d5859b15eea09009cf2718cd7d1614ff8f80f66956126
                                                                            • Opcode Fuzzy Hash: 6a8d56519b08da7913e41bb8d1e2c55feaefb0adabd395bf81422f3e40cf3405
                                                                            • Instruction Fuzzy Hash: DD6132769141199ACF06EFA4CC52EFDB3B8FF14300B545529E942BB091EF346E05DBA1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            • Opcode ID: 5432a1f18c408e600419aa7ed0723411b3916f224259ba39108de7c6e6c78e34
                                                                            • Instruction ID: f4a2e5c99fcc6cf7758f1c680b2be355c5d9b5d2c0fce2046b0f44aa1b5a8713
                                                                            • Opcode Fuzzy Hash: 5432a1f18c408e600419aa7ed0723411b3916f224259ba39108de7c6e6c78e34
                                                                            • Instruction Fuzzy Hash: CF512335904346DFDF1BEFA8C481ABA7BA8EF15310F244455EC919B2E0D734AE46CBA1
                                                                            APIs
                                                                            • Sleep.KERNEL32(00000000), ref: 0035F2A2
                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0035F2BB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: GlobalMemorySleepStatus
                                                                            • String ID: @
                                                                            • API String ID: 2783356886-2766056989
                                                                            • Opcode ID: 1314fb70c76aad2fbfce6ed6c5a018edcd15c42d3873c4bffec436ed8a402392
                                                                            • Instruction ID: c3841a1de0156bf28ccdd487bd895b5fdd6c8dd64115f5fb89c3d79ea47711f8
                                                                            • Opcode Fuzzy Hash: 1314fb70c76aad2fbfce6ed6c5a018edcd15c42d3873c4bffec436ed8a402392
                                                                            • Instruction Fuzzy Hash: 335174714187459BD321AF50E886BABBBF8FB84304F81884CF1D9490A5EB319528CB67
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 003C57E0
                                                                            • _wcslen.LIBCMT ref: 003C57EC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BuffCharUpper_wcslen
                                                                            • String ID: CALLARGARRAY
                                                                            • API String ID: 157775604-1150593374
                                                                            • Opcode ID: 1fe03cf84b98a2c720b28c7b7d025b57e1de3f34c2f061ec4d37477a5bcda45e
                                                                            • Instruction ID: bd29b67967eecb5b889b43ebe17fda3c9c6a30708c7246eee29a6f8cd7c926f4
                                                                            • Opcode Fuzzy Hash: 1fe03cf84b98a2c720b28c7b7d025b57e1de3f34c2f061ec4d37477a5bcda45e
                                                                            • Instruction Fuzzy Hash: 54418D71E002199FCB16DFA9C881EAEBBB5EF59350F15406DE505AB291E730AD81CBA0
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 003BD130
                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 003BD13A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CrackInternet_wcslen
                                                                            • String ID: |
                                                                            • API String ID: 596671847-2343686810
                                                                            • Opcode ID: 60252cf8de428b2a2203dfce28c317d02c15638f8a65ac8e84e6788b477a9874
                                                                            • Instruction ID: 19977590fac556041d38a17e85f0f5b9cf2b8c427b63e2eb907980d990b62966
                                                                            • Opcode Fuzzy Hash: 60252cf8de428b2a2203dfce28c317d02c15638f8a65ac8e84e6788b477a9874
                                                                            • Instruction Fuzzy Hash: 16312C71D01209ABCF16EFA4CD85AEEBFB9FF05304F104019F915AA166E731AA56CF60
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 003D3621
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 003D365C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$DestroyMove
                                                                            • String ID: static
                                                                            • API String ID: 2139405536-2160076837
                                                                            • Opcode ID: 4adbafb72d22b4504499feb53b9dde1930afdf67d776c29089b96db5ef49f55f
                                                                            • Instruction ID: 4e8c432aef2287d37d302ea61b893340005512d3c5d0832664627010d625ce4b
                                                                            • Opcode Fuzzy Hash: 4adbafb72d22b4504499feb53b9dde1930afdf67d776c29089b96db5ef49f55f
                                                                            • Instruction Fuzzy Hash: 1431B072110604AEDB119F38EC81EFB73A9FF48720F01961AF8A597290DA35ED81C761
                                                                            APIs
                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 003D461F
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003D4634
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: '
                                                                            • API String ID: 3850602802-1997036262
                                                                            • Opcode ID: d835d4c7d3e57e62eed03171cdd3582128aec2b47a298369bb0df54ff225e22b
                                                                            • Instruction ID: 3c5cb2a4b3b2b05d2f72b681fde8d99d4849d95d5e8cc0ee7e4f0683d88b078f
                                                                            • Opcode Fuzzy Hash: d835d4c7d3e57e62eed03171cdd3582128aec2b47a298369bb0df54ff225e22b
                                                                            • Instruction Fuzzy Hash: 8A3128B5A013099FDB15CF69E981BDABBB6FF0A300F14406AE905AB351D770E941CF90
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 003D327C
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003D3287
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: Combobox
                                                                            • API String ID: 3850602802-2096851135
                                                                            APIs
                                                                              • Part of subcall function 0034600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0034604C
                                                                              • Part of subcall function 0034600E: GetStockObject.GDI32(00000011), ref: 00346060
                                                                              • Part of subcall function 0034600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0034606A
                                                                            • GetWindowRect.USER32(00000000,?), ref: 003D377A
                                                                            • GetSysColor.USER32(00000012), ref: 003D3794
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                            • String ID: static
                                                                            • API String ID: 1983116058-2160076837
                                                                            APIs
                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003BCD7D
                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003BCDA6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Internet$OpenOption
                                                                            • String ID: <local>
                                                                            • API String ID: 942729171-4266983199
                                                                            APIs
                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 003D34AB
                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 003D34BA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: LengthMessageSendTextWindow
                                                                            • String ID: edit
                                                                            • API String ID: 2978978980-2167791130
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 003A6CB6
                                                                            • _wcslen.LIBCMT ref: 003A6CC2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: STOP
                                                                            • API String ID: 1256254125-2411985666
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003A3CCA
                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 003A1D4C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003A3CCA
                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 003A1C46
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003A3CCA
                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 003A1CC8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            APIs
                                                                            • __Init_thread_footer.LIBCMT ref: 0035A529
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Init_thread_footer_wcslen
                                                                            • String ID: ,%A$3y9
                                                                            • API String ID: 2551934079-252068093
                                                                            APIs
                                                                              • Part of subcall function 00349CB3: _wcslen.LIBCMT ref: 00349CBD
                                                                              • Part of subcall function 003A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 003A3CCA
                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 003A1DD3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            APIs
                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00413018,0041305C), ref: 003D81BF
                                                                            • CloseHandle.KERNEL32 ref: 003D81D1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateHandleProcess
                                                                            • String ID: \0A
                                                                            • API String ID: 3712363035-1148864819
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: 3, 3, 16, 1
                                                                            • API String ID: 176396367-3042988571
                                                                            APIs
                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 003A0B23
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Message
                                                                            • String ID: AutoIt$Error allocating memory.
                                                                            • API String ID: 2030045667-4017498283
                                                                            APIs
                                                                              • Part of subcall function 0035F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00360D71,?,?,?,0034100A), ref: 0035F7CE
                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0034100A), ref: 00360D75
                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0034100A), ref: 00360D84
                                                                            Strings
                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00360D7F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                            • API String ID: 55579361-631824599
                                                                            APIs
                                                                            • __Init_thread_footer.LIBCMT ref: 0035E3D5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Init_thread_footer
                                                                            • String ID: 0%A$8%A
                                                                            • API String ID: 1385522511-3959272176
                                                                            APIs
                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 003B302F
                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 003B3044
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Temp$FileNamePath
                                                                            • String ID: aut
                                                                            • API String ID: 3285503233-3010740371
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LocalTime
                                                                            • String ID: %.3d$X64
                                                                            • API String ID: 481472006-1077770165
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003D232C
                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 003D233F
                                                                              • Part of subcall function 003AE97B: Sleep.KERNEL32 ref: 003AE9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003D236C
                                                                            • PostMessageW.USER32(00000000), ref: 003D2373
                                                                              • Part of subcall function 003AE97B: Sleep.KERNEL32 ref: 003AE9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0037BE93
                                                                            • GetLastError.KERNEL32 ref: 0037BEA1
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0037BEFC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1673634891.0000000000341000.00000020.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                            • Associated: 00000000.00000002.1673620124.0000000000340000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.00000000003DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673681131.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673716709.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1673732000.0000000000414000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1717984340-0