Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1504861
MD5: 9174e680d1b0ea8cdb3ee932ec2dfc6f
SHA1: 49ba7df579d1b30e9c4474ba6733748614ab5c68
SHA256: 136d5473ded4b9a2bef3ef6160a377c0965b4e7292fb81980219ef8cc7d96cfd
Tags: exe
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • file.exe (PID: 6500 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9174E680D1B0EA8CDB3EE932EC2DFC6F)
    • msedge.exe (PID: 1352 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 5616 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2056,i,6247163367441240488,2576398707470590896,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 5608 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 3228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 1816 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3652 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2248 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccf95cfb-f749-4af2-904e-7994877402df} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2408cb6db10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1984 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4456 -parentBuildID 20230927232528 -prefsHandle 4340 -prefMapHandle 4336 -prefsLen 26273 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f8d3111-a88f-4b01-91e4-af2e9be1c464} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2409f819410 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 5948 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7188 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2688 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4676 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6532 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8204 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6736 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8832 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=8500 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7904 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8648 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8788 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8496 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5796 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8780 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, ReversingLabs: Detection: 26%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49779 version: TLS 1.0
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BEDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00BEDBBE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BBC2A2 FindFirstFileExW,0_2_00BBC2A2
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BF68EE FindFirstFileW,FindClose,0_2_00BF68EE
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BF698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00BF698F
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00BED076
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00BED3A9
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BF9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00BF9642
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BF979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00BF979D
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BF9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00BF9B2B
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BF5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00BF5C97
Source: firefox.exe, Memory has grown: Private usage: 0MB later: 96MB
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00BFCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00BFCE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=403473328&timestamp=1725539476166 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726144273&P2=404&P3=2&P4=gRzw0TlO28v3xn3M7ZJhhK0eBAMU0JhFJIg7WN8JZ5MTymrQli7NI%2bsdHZx608dhOnKfPCyJKrT9LBIEthiwCg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 3Al34tMPCy06pq6FBnsh7ySec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdKrGKVxsOrhn2G&MD=bUKt+RBK HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdKrGKVxsOrhn2G&MD=bUKt+RBK HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.2476182627.000002409CB4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481620846.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2476182627.000002409CB4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481620846.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log7.8.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log7.8.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log7.8.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2479963202.000002409DDFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2490394108.000002409DDB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2479963202.000002409DDFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2490394108.000002409DDB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2490394108.000002409DD3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2490394108.000002409DD83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2243897678.000002409DDF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic
DNS traffic detected: DNS query: bzib.nelreports.net
DNS traffic detected: DNS query: clients2.googleusercontent.com
DNS traffic detected: DNS query: chrome.cloudflare-dns.com
DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
DNS traffic detected: DNS query: detectportal.firefox.com
DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
DNS traffic detected: DNS query: example.org
DNS traffic detected: DNS query: ipv4only.arpa
DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
DNS traffic detected: DNS query: services.addons.mozilla.org
DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknown
HTTP traffic detected: POST /dns-query HTTP/1.1
  Host: chrome.cloudflare-dns.com
  Connection: keep-alive
  Content-Length: 128
  Accept: application/dns-message
  Accept-Language: *
  User-Agent: Chrome
  Accept-Encoding: identity
  Content-Type: application/dns-message
Source: firefox.exe, 00000005.00000003.2248120040.000002409CE73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2492675453.000002409CE73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000002.3337640147.000002408CB6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000005.00000003.2475949403.000002409CB98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2951259551.000002409D936000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2531288077.000002409D936000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2788464539.000002409D936000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2906846651.000002409D936000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000005.00000003.2475949403.000002409CB98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2476540516.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2492124474.000002409D809000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2533493611.000002409DE33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zipjar:file:
Source: firefox.exe, 00000005.00000003.2488213495.000002409FF44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787269307.000002409F8B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2489090234.000002409F8B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000005.00000003.2477447202.000002409D936000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.orgP
Source: firefox.exe, 00000005.00000003.2248750417.000002409CB98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2475513133.000002409CBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2449660946.000002409CBA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481266651.000002409CBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2253333167.000002409CBB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000005.00000003.2487359852.00000240A003D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000005.00000003.2476540516.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2487525846.000002409FFCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250781570.000002409FF9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2789413242.00000240993E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000005.00000003.2476540516.000002409CB2D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000005.00000003.2533277445.0000024099159000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000005.00000003.2476540516.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000005.00000003.2476540516.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000005.00000003.2477823650.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0AE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241273572.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000005.00000003.2477823650.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0AE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241273572.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log7.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log7.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: firefox.exe, 00000005.00000003.2448411394.000002409D37F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2237059722.000002409D377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248605595.000002409CBE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2448019818.000002409D37F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2898806395.000002409D377000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2814549647.000002409D377000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2477823650.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0AE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241273572.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000005.00000003.2289194503.00000240A0AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000005.00000003.2196890631.000002409FFE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2487525846.000002409FFE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250781570.000002409FFE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000005.00000003.2953161333.000002409916C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2533277445.000002409916C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2483017787.0000024099DB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: 14f51c3d-8b0b-4803-b3fa-d58e55ebcdd4.tmp.9.drString found in binary or memory: https://fonts.gstatic.com
Source: firefox.exe, 00000005.00000003.2249337998.000002409B3DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2249500185.000002409B38F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2483017787.0000024099DB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000005.00000003.2249500185.000002409B38F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.comP4
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://gaana.com/
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000005.00000003.2767901965.000002409FBCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2474871935.000002409FBCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2169985603.000002409FBCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2243307554.000002409FBCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2787062774.000002409FBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000005.00000003.2532492262.00000240993F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2906809192.000002409D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2789264579.00000240993F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2492675453.000002409CEB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2492124474.000002409D809000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000005.00000003.2249500185.000002409B38F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000005.00000003.2476182627.000002409CB4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2951636377.000002409CB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291354489.000002409CB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2788760828.000002409CB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481620846.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248750417.000002409CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmp, 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://web.telegram.org/
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2789533288.00000240991B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3330835195.000002071B4CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3334297902.0000018444003000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 00000005.00000003.2140776897.000002409CE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2768528442.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2142321397.000002409D03D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244647347.000002409DCCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144393504.000002409D080000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144020852.000002409D05F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2480877202.000002409DCCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2246835045.000002409DCCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2475190021.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2788279722.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2491387252.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2140971232.000002409D01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290635640.000002409DCD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000005.00000003.2789533288.00000240991B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3330835195.000002071B4CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3334297902.0000018444003000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: https://www.digicert.com/CPS0
Source: content_new.js.8.dr, content.js.8.drString found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000005.00000003.2140776897.000002409CE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2142321397.000002409D03D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144393504.000002409D080000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144020852.000002409D05F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2140971232.000002409D01C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000005.00000003.2140776897.000002409CE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2768528442.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2142321397.000002409D03D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244647347.000002409DCCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144393504.000002409D080000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144020852.000002409D05F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2480877202.000002409DCCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2246835045.000002409DCCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2475190021.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2788279722.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2491387252.000002409DCD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2140971232.000002409D01C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2290635640.000002409DCD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: 14f51c3d-8b0b-4803-b3fa-d58e55ebcdd4.tmp.9.drString found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.iheart.com/podcast/
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.instagram.com
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.last.fm/
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.messenger.com
Source: firefox.exe, 00000005.00000002.3327280611.000000A80677C000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2249500185.000002409B38F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000005.00000003.2292775986.000002409915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2953161333.000002409915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2533277445.0000024099159000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3330835195.000002071B4CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3329957378.0000018443999000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000005.00000003.2292775986.000002409915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2953161333.000002409915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2533277445.0000024099159000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/J
Source: firefox.exe, 00000005.00000002.3327280611.000000A80677C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 00000005.00000003.2287812899.00003F057CA03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2247820800.000002409D9A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241273572.00000240A0A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: firefox.exe, 00000005.00000003.2287812899.00003F057CA03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.comZ
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.office.com
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: firefox.exe, 00000005.00000003.2789413242.00000240993C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2952549951.00000240993C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2532628861.00000240993D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2292130151.00000240993D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000005.00000003.2476182627.000002409CB4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2951636377.000002409CB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2291354489.000002409CB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2788760828.000002409CB7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481620846.000002409CB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248750417.000002409CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000005.00000003.2287812899.00003F057CA03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
Source: firefox.exe, 00000005.00000003.2287812899.00003F057CA03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.caZ
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000005.00000003.2481844978.000002409CB04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000005.00000003.2477823650.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0AE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241273572.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: 31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drString found in binary or memory: https://y.music.163.com/m/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_00BFEAFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_00BFED6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_00BEAA57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C19576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_00C19576

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.2062977270.0000000000C42000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_36611872-e
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_f2b1b16b-2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_0000018443F68FF7 NtQuerySystemInformation, 18_2_0000018443F68FF7
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_0000018443F8A1F2 NtQuerySystemInformation, 18_2_0000018443F8A1F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BED5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_00BED5EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00BE1201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_00BEE8F6
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00B9F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00B89CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00BA0A30 appears 46 times
Source: file.exe, 00000000.00000003.2068346178.0000000000E32000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000002.2069001048.0000000000E32000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal64.evad.winEXE@71/277@34/22
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF37B5 GetLastError,FormatMessageW, 0_2_00BF37B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE10BF AdjustTokenPrivileges,CloseHandle, 0_2_00BE10BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_00BE16C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_00BF51CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BED4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification, 0_2_00BED4DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_00BF648E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_00B842A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\75c9fa31-5b4a-45e3-a4e6-677e095abe56.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe ReversingLabs: Detection: 26%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2056,i,6247163367441240488,2576398707470590896,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2688 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2248 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccf95cfb-f749-4af2-904e-7994877402df} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2408cb6db10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6532 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6736 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4456 -parentBuildID 20230927232528 -prefsHandle 4340 -prefMapHandle 4336 -prefsLen 26273 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f8d3111-a88f-4b01-91e4-af2e9be1c464} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2409f819410 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=8500 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8648 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8496 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8780 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2056,i,6247163367441240488,2576398707470590896,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2248 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccf95cfb-f749-4af2-904e-7994877402df} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2408cb6db10 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4456 -parentBuildID 20230927232528 -prefsHandle 4340 -prefMapHandle 4336 -prefsLen 26273 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f8d3111-a88f-4b01-91e4-af2e9be1c464} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2409f819410 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2688 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6532 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6736 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=8500 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8648 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8496 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8780 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00B842DE
Source: gmpopenh264.dll.tmp.5.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA0A76 push ecx; ret 0_2_00BA0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00B9F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C11C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00C11C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-97979
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_0000018443F68FF7 rdtsc 18_2_0000018443F68FF7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BEDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00BEDBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBC2A2 FindFirstFileExW,0_2_00BBC2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF68EE FindFirstFileW,FindClose,0_2_00BF68EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00BF698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00BED076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00BED3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00BF9642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00BF979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00BF9B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00BF5C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00B842DE
Source: firefox.exe, 00000005.00000003.2113337915.000002408F694000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2101863521.000002408F694000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@>n
Source: firefox.exe, 0000000B.00000002.3328028461.000002071B0DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: firefox.exe, 00000012.00000002.3333208395.0000018443E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
Source: Web Data.8.drBinary or memory string: discord.comVMware20,11696428655f
Source: Web Data.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Web Data.8.drBinary or memory string: global block list test formVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: firefox.exe, 00000005.00000003.2113337915.000002408F6D6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3328028461.000002071B0DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3327312863.00000184435CA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3333208395.0000018443E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000005.00000003.2292130151.00000240993C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2789413242.00000240993C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2532628861.00000240993C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2952549951.00000240993C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.3334732388.000002071B517000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: firefox.exe, 00000005.00000003.3206806067.00002E4BBD640000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk
Source: Web Data.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: firefox.exe, 00000012.00000002.3333208395.0000018443E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlla
Source: Web Data.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.8.drBinary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: firefox.exe, 0000000B.00000002.3335816849.000002071B600000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3333208395.0000018443E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.8.drBinary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.8.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.8.drBinary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.8.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.8.drBinary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: firefox.exe, 00000012.00000002.3333208395.0000018443E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
Source: Web Data.8.drBinary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Web Data.8.drBinary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: firefox.exe, 0000000B.00000002.3335816849.000002071B600000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD
Source: Web Data.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_0000018443F68FF7 rdtsc 18_2_0000018443F68FF7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFEAA2 BlockInput,0_2_00BFEAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BB2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00B842DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA4CE8 mov eax, dword ptr fs:[00000030h]0_2_00BA4CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00BE0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BB2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BA083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA09D5 SetUnhandledExceptionFilter,0_2_00BA09D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00BA0C21
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00BE1201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00BC2BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BEB226 SendInput,keybd_event,0_2_00BEB226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00C022DA
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00BE0B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00BE1663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA0698 cpuid 0_2_00BA0698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00BF8195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDD27A GetUserNameW,0_2_00BDD27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00BBB952
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00B842DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C01204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00C01204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C01806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00C01806
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Behavior graph not reproduced. Behavior Graph ID: 1504861, Sample: file.exe, Startdate: 05/09/2024, Architecture: WINDOWS, Score: 64]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 26% | ReversingLabs | | |
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://monitor.firefox.com/user/breach-stats?includeResolved=true0%URL Reputationsafe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report0%URL Reputationsafe
https://outlook.live.com/mail/0/0%URL Reputationsafe
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-0%URL Reputationsafe
https://www.google.com/favicon.ico0%Avira URL Cloudsafe
https://safebrowsing.google.com/safebrowsing/diagnostic?site=0%URL Reputationsafe
http://127.0.0.1:0%Avira URL Cloudsafe
https://amazon.com0%Avira URL Cloudsafe
https://monitor.firefox.com/user/dashboard0%URL Reputationsafe
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID0%URL Reputationsafe
https://www.tsn.ca0%URL Reputationsafe
https://tidal.com/0%URL Reputationsafe
https://monitor.firefox.com/about0%URL Reputationsafe
https://account.bellmedia.c0%URL Reputationsafe
https://www.openh264.org/0%URL Reputationsafe
https://gaana.com/0%URL Reputationsafe
https://coverage.mozilla.org0%URL Reputationsafe
https://csp.withgoogle.com/csp/report-to/AccountsSignInUi0%URL Reputationsafe
https://outlook.live.com/mail/compose?isExtension=true0%URL Reputationsafe
https://blocked.cdn.mozilla.net/0%URL Reputationsafe
http://developer.mozilla.org/en/docs/DOM:element.addEventListener0%URL Reputationsafe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde74770%Avira URL Cloudsafe
https://chrome.google.com/webstore/0%Avira URL Cloudsafe
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r0%Avira URL Cloudsafe
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx0%Avira URL Cloudsafe
https://bard.google.com/0%Avira URL Cloudsafe
https://www.office.com0%Avira URL Cloudsafe
http://www.inbox.lv/rfc2368/?value=%su0%Avira URL Cloudsafe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi0%Avira URL Cloudsafe
https://www.tsn.caZ0%Avira URL Cloudsafe
http://mozilla.org/MPL/2.0/.0%Avira URL Cloudsafe
https://login.microsoftonline.com0%Avira URL Cloudsafe
http://crl.thawte.com/ThawteTimestampingCA.crl00%Avira URL Cloudsafe
http://x1.c.lencr.org/00%Avira URL Cloudsafe
http://x1.i.lencr.org/00%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                  • URL Reputation: safe
                                  unknown
                                  https://bard.google.com/31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.office.com31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/0/31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000005.00000003.2531900347.0000024099DC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2482329845.0000024099DC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifirefox.exe, 00000012.00000002.3334297902.0000018444003000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000005.00000003.2248750417.000002409CB98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2475513133.000002409CBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2449660946.000002409CBA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2481266651.000002409CBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2253333167.000002409CBB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.tsn.caZfirefox.exe, 00000005.00000003.2287812899.00003F057CA03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.tsn.cafirefox.exe, 00000005.00000003.2287812899.00003F057CA03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://tidal.com/31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://monitor.firefox.com/aboutfirefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://mozilla.org/MPL/2.0/.firefox.exe, 00000005.00000003.2890963956.000002409D5D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2236468884.000002409D5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2154354366.000002409D5D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2248471810.000002409CD3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2156868789.000002409D5ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2449486106.000002409CE34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2242829106.00000240A006B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2268359542.000002430003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2900039604.000002409D5F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2156868789.000002409D5D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2890963956.000002409D5B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2531288077.000002409D936000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2901995722.000002409D037000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2252617341.000002409F9CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2788464539.000002409D936000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2196890631.000002409FFCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2896735245.000002409D5B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2247475792.000002409D940000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2235417964.000002409D5DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.2154151308.000002409D5F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2236468884.000002409D5DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://account.bellmedia.cfirefox.exe, 00000005.00000003.2241273572.00000240A0A59000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.openh264.org/firefox.exe, 00000005.00000003.2789413242.00000240993C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2952549951.00000240993C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2532628861.00000240993D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2292130151.00000240993D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://gaana.com/31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://login.microsoftonline.comfirefox.exe, 00000005.00000003.2241273572.00000240A0A59000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://coverage.mozilla.orgfirefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000005.00000003.2487359852.00000240A003D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2496055924.000002409E800000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.9.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://x1.c.lencr.org/0firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://x1.i.lencr.org/0firefox.exe, 00000005.00000003.2788174419.000002409DCF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2244595446.000002409DCF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/compose?isExtension=true31aabcfb-9026-4872-954c-0e10f9ff5ff2.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://blocked.cdn.mozilla.net/firefox.exe, 0000000B.00000002.3329927616.000002071B1E0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3329027596.0000018443870000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 00000005.00000003.2477823650.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0AE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241273572.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2250178189.00000240A0A8E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs
                                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                  IP
                                  192.168.2.6
                                  192.168.2.5
                                  127.0.0.1
                                  Joe Sandbox version: 40.0.0 Tourmaline
                                  Analysis ID: 1504861
                                  Start date and time: 2024-09-05 14:30:11 +02:00
                                  Joe Sandbox product: CloudBasic
                                  Overall analysis duration: 0h 7m 43s
                                  Hypervisor based Inspection enabled: false
                                  Report type: full
                                  Cookbook file name: default.jbs
                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed: 25
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Sample name: file.exe
                                  Detection: MAL
                                  Classification: mal64.evad.winEXE@71/277@34/22
                                  EGA Information:
                                  • Successful, ratio: 50%
                                  HCA Information:
                                  • Successful, ratio: 97%
                                  • Number of executed functions: 39
                                  • Number of non-executed functions: 320
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.251.168.84, 13.107.42.16, 216.58.206.78, 13.107.21.239, 204.79.197.239, 13.107.6.158, 2.19.126.152, 2.19.126.145, 172.217.16.195, 2.23.209.179, 2.23.209.183, 2.23.209.173, 2.23.209.182, 2.23.209.169, 2.23.209.167, 2.23.209.171, 2.23.209.181, 2.23.209.168, 142.250.186.99, 20.191.45.158, 20.199.58.43, 93.184.221.240, 192.229.221.95, 2.22.61.57, 2.22.61.59, 172.217.16.206, 172.217.16.142, 142.250.65.163, 142.251.35.163, 142.251.32.99
                                  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, clients.l.google.com, telem-edge.smartscreen.microsoft.com, location.services.mozilla.com, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com, arc.msn.com, www.bing.com.edgekey.net, redirector.gvt1.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficm
                                  • Execution Graph export aborted for target firefox.exe, PID 1816 because it is empty
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: file.exe
                                  No simulations
                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                  13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
                                  • www.aib.gov.uk/
                                  NEW ORDER.xlsGet hashmaliciousUnknownBrowse
                                  • 2s.gg/3zs
                                  PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
                                  • 2s.gg/42Q
                                  06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
                                  • 2s.gg/3zk
                                  Quotation.xlsGet hashmaliciousUnknownBrowse
                                  • 2s.gg/3zM
                                  23.55.235.170file.exeGet hashmaliciousUnknownBrowse
                                    file.exeGet hashmaliciousUnknownBrowse
                                      file.exeGet hashmaliciousUnknownBrowse
                                        file.exeGet hashmaliciousAmadey, StealcBrowse
                                          file.exeGet hashmaliciousUnknownBrowse
                                            file.exeGet hashmaliciousUnknownBrowse
                                              file.exeGet hashmaliciousUnknownBrowse
                                                file.exeGet hashmaliciousUnknownBrowse
                                                  file.exeGet hashmaliciousUnknownBrowse
                                                    file.exeGet hashmaliciousUnknownBrowse
                                                      152.195.19.97http://ustteam.com/Get hashmaliciousUnknownBrowse
                                                      • www.ust.com/
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      services.addons.mozilla.orgfile.exeGet hashmaliciousUnknownBrowse
                                                      • 18.65.39.4
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 108.156.60.108
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 18.65.39.85
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 52.222.236.48
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 52.222.236.80
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 52.222.236.120
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 52.222.236.80
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 52.222.236.120
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 52.222.236.80
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 52.222.236.120
                                                      example.orgfile.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 93.184.215.14
                                                      chrome.cloudflare-dns.comfile.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 172.64.41.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 172.64.41.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      ipv4only.arpafile.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.171
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.171
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 192.0.0.170
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):6439
                                                                                              Entropy (8bit):5.141840725976398
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:FKMiEm5cbhbVbTbfbRbObtbyEznpnSrDtTZdB:FPMcNhnzFSJ7nSrDhZdB
                                                                                              MD5:421EA304E00AD86BACCCA0A6CE63945C
                                                                                              SHA1:AAEDC083E9FAFC96582BBE1958722E67DCE79BE4
                                                                                              SHA-256:F26559DF413EAE6828B02C7E7187FBD79B68B53CB26883714E226A08EC0BCCDB
                                                                                              SHA-512:ADCB153120095DBD8545D4E779E8F837937C463670DE295216DFD4642E3A07CE886D8FAF54C4DC0B7AF1347DC925634C62F652FA6B0E1399EA8742F96DB747D9
                                                                                              Malicious:false
                                                                                              Preview:{"type":"uninstall","id":"4d666f67-10b5-405b-8844-922ee1773494","creationDate":"2024-09-05T14:23:54.755Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):45633
                                                                                              Entropy (8bit):6.086650850641762
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4n9Dn/3hDO6vP6OrPkIt+Lqb/lEeCAonGoup1Xl3jVzXr+:mMGQ5XMBG9D06L3WeRonhu3VlXr49
                                                                                              MD5:6AB0E5AC8C52EFCA19465E6047312523
                                                                                              SHA1:EC934BF650522FD8F30296DAF4D5AA1D88EBFA4A
                                                                                              SHA-256:E143602692616B3AEBA812E9962B067FE2564981921C948FCBFB903534D811E2
                                                                                              SHA-512:51268FB72BCB1F7525D80AEAF9E96AF2007CFFCE42F3475D9E4BECAF9A523FFE3FEA13CF926114E1134D5D4C02000DC0D57C9A510CBDCE8FCFFFA4A7765EF4A5
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):45710
                                                                                              Entropy (8bit):6.08653406960929
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4IoDn/3hDO6vP6OrHkIt+Lqb/lEeCAonGoup1Xl3jVzXr+:mMGQ5XMBDoD06LvWeRonhu3VlXr49
                                                                                              MD5:D49151AB981A7BDE42D2D03F569367A6
                                                                                              SHA1:853843249ACFB03F2DE711579F00B696482CADE7
                                                                                              SHA-256:6D3A38B310CB45F4864A810F7B390908448D3E805BD1E254E213B72089CCD4BE
                                                                                              SHA-512:3E8B9F8BEE447CA9FC2FF3AAADDA73443764BCD7339DBF092C0B2EFC033DC670421E4C042910E622117033A5DBDC1577F0D4953ECC5CB6FDD686C627579A311D
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):44656
                                                                                              Entropy (8bit):6.096062833765968
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBjwuOhDO6vP6OrPkIt+Lqb/cGoup1Xl3jVzXr4CCz:z/Ps+wsI7yOEv6L3chu3VlXr4CRo1
                                                                                              MD5:F5A7DE9A6469018CF69091A66FBC9416
                                                                                              SHA1:9197B67139B7FA604C8FBB978CB714FED0CA3D6B
                                                                                              SHA-256:0ACE8F5E4DF21854CCA72C8AAB3B3ADCA04B263CCECBD51D37A3CCCD6DBC9C73
                                                                                              SHA-512:46875153441EC5DF5107FA062B3C0C28E0FFA8F179A07EB739BE265229E47671E117E7136952358F7C6C296AC4D5869E8D3FE207AEEC4C1759B5ADC60CA92175
                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):44137
                                                                                              Entropy (8bit):6.090701574106393
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM+wuF9hDO6vP6O+ytbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE46btbz8hu3VlXr4CRo1
                                                                                              MD5:5AD49C8182F37D8D8717E3A8B9CEA9B2
                                                                                              SHA1:DBCF029FF5F5C65391295140B837F45A23F82360
                                                                                              SHA-256:8D095FBD7992047F8D8A18A328487823DE61B6860C8C9B736963F3D220CDC0EE
                                                                                              SHA-512:E63048886F2FB154096D09F6EC6D9288770A505EE950070B2944274C9558FF89FEB9CEADFDD42ED273C6DCB4A76472B89F68C03E8D64B696C5A671CB82097DD8
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):44600
                                                                                              Entropy (8bit):6.0959925167460405
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBmwuOhDO6vP6OrLVIm5RclcGoup1Xl3jVzXr4CCAg:z/Ps+wsI7ynEQ6LEchu3VlXr4CRo1
                                                                                              MD5:71E7FD3DDF5172776FF07847D521CFC5
                                                                                              SHA1:C379E29E93300CE5A78331C9D6DD4A741C239267
                                                                                              SHA-256:555B111F5BFFF1CDE0BA30F7FF16D390A45BDE5D48782126D50B3693795C1BD3
                                                                                              SHA-512:8B708BEA8AD429C4E989B6FD0F8DF59B0495479EECDCEA6C3087CD03FFA658DDC307F448888CE3C55A7B39A2DC6C608D240A03675241DCF8AB3558772F1E9B4A
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):107893
                                                                                              Entropy (8bit):4.640149995732079
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                                              MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                                              SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                                              SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                                              SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                                              Malicious:false
                                                                                              Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):107893
                                                                                              Entropy (8bit):4.640149995732079
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                                              MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                                              SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                                              SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                                              SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                                              Malicious:false
                                                                                              Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3::
                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3::
                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4194304
                                                                                              Entropy (8bit):0.47808659280568794
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:vnGGXGaWUay+TBxI0fS1Ag1HF04OJ58eexqJPjrdRwGeg1HFXMXtM:uGXI2KBxXS1AaHa4i8jxqhdRwGeaHmX
                                                                                              MD5:54A5239844BE592D01AC5BBD851882E6
                                                                                              SHA1:1536B41A9756407C5EBC4DADE818CE0897823C27
                                                                                              SHA-256:E3757C03DA35F7CF434FC0354A8B1FF80C428D24EB50E346FEA3731CC91F2E5C
                                                                                              SHA-512:059377E3C4F5E81F8824C7F197352F47008FB0885DF5E8FC44BE35C00785D8DF467348C8687743D5FC7DDF3687F917EFE2A950984C3673BAEC40502DA1561B9B
                                                                                              Malicious:false
                                                                                              Preview:...@..@...@.....C.].....@...............P...................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".cconrh20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K..>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2......._...... .2........6......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):280
                                                                                              Entropy (8bit):4.132041621771752
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                              MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                              SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                              SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                              SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                              Malicious:false
                                                                                              Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13306
                                                                                              Entropy (8bit):5.281115885603968
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:stuJ99QTryDiuabatSuyIfsyusZihaEXxRky3k8wbV+FICQA66WVlaFIMYQPUYJ:stuPGQSudsyufhaEXxQbGBQx6WVlaTY4
                                                                                              MD5:E68C1D67F739B0309125CE1BC0443AF4
                                                                                              SHA1:3EAD2E8BC6C7013EB031C2EE706FA8F5248772CA
                                                                                              SHA-256:EC56987BB8C8C462CAA562EE4E72EB9FC47C5EA7F7D5D55E0515DC0FA2C616FD
                                                                                              SHA-512:7660852DF2E69290560750ECFF308646B29924738A22B73752EF7C6771293B72295C38BA305E48E19F5D6A82DAB3C160BEF00DC229B44DFF988FB191B1EC2EE2
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):115717
                                                                                              Entropy (8bit):5.183660917461099
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                              Malicious:false
                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12523
                                                                                              Entropy (8bit):5.207081000606418
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:stuJ99QTryDigabatSuyIfsyusZihUky3k8wbV+FICQA66WdaFIMYQPUYJ:stuPGKSudsyufhlbGBQx6WdaTY4
                                                                                              MD5:F222AD568EBC91E86C3EF8A9E081CE7B
                                                                                              SHA1:AADA18B134F174260AE7BF8410F232A8E264B077
                                                                                              SHA-256:31F5D4C048E67CC52439D382828A21E3025E82A229FA04AA64CE810644F560F4
                                                                                              SHA-512:FCA194EA4485C51DDC64F8C7C9686814BCAEC924968186F8E06AE574F59BA7394ADF5A53DC6228116878E7F1261EBE90961CAD0D0772AA64631504AF2743FD57
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13141
                                                                                              Entropy (8bit):5.283546071702742
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:stuJ99QTryDiuabatSuyIfsyusZihaEXxRky3k8wbV+FICQA66WdaFIMYQPUYJ:stuPGQSudsyufhaEXxQbGBQx6WdaTY4
                                                                                              MD5:54DAD996BDF2681D471106CAF8321516
                                                                                              SHA1:F25A834E91387118C6380DFE86E7976DD305A900
                                                                                              SHA-256:135B4626B7FC930C742E38762BC3B6E50BCC7E78226003D16FB374263EEE5F96
                                                                                              SHA-512:CE6DB02335BC406CB5028A8966393C074C8B01B02412A91F6BF2AA91C863B532FFADCB6D4C67DA396D8278866E4DD36801EF196E7331D195BDCC69060BDE4B44
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):35272
                                                                                              Entropy (8bit):5.556546860023451
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:X/JfJSWPawfzk8F1+UoAYDCx9Tuqh0VfUC9xbog/OVzxbDkrwTO8p0qKp9tuO:X/JfJSWPawfzku1jaWhD9TO8Lgt9
                                                                                              MD5:1606E14F82AD0BF873B2C3627AEBCC42
                                                                                              SHA1:525B5E42BD4381FDBD4224BFBEC0441C3A80B1C5
                                                                                              SHA-256:96127C7B42D83A18A66EA8AB4BD4CDFEBAEBF6A0842EC4CFB83093E18FFB7871
                                                                                              SHA-512:4B95F1C6942B3B873B76B97FC89A535E8BC5F1E40BFC549A07708C7B67904A85F206415DB33883E86069DE797469FD7295E4B1D12FAAE5AB4BA5807E18ED6643
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370013068441405","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370013068441405","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13306
                                                                                              Entropy (8bit):5.281072843532447
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:stuJ99QTryDiuabatSuyIfsyusZihaEXxRky3k8wbV+FICQA66WZlaFIMYQPUYJ:stuPGQSudsyufhaEXxQbGBQx6WZlaTY4
                                                                                              MD5:F840335F40222ED59E8E461B70ED0F53
                                                                                              SHA1:7EF068D2BDE3053F5E9371B65AD5AB605C9A66A2
                                                                                              SHA-256:19F1738156E84C81C4D8FF037EE3146B9179B256118E3BD10D048B18483D1989
                                                                                              SHA-512:6A9B850CAAF7AEBE577DB21ED2EDA271D78C10CD53C3A740B73E76DA0E62B0401D8E929AF34EA8981582257DAFF98D2F5A71126331DC88287359191233488CC7
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):33
                                                                                              Entropy (8bit):3.5394429593752084
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):307
                                                                                              Entropy (8bit):5.249454383702429
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PSF1923oH+Tcwtp3hBtB2KLllzFF+q2P923oH+Tcwtp3hBWsIFUv:PSYYebp3dFLnzFF+v4Yebp3eFUv
                                                                                              MD5:CB1C97C28BCCCD972012700835A28E59
                                                                                              SHA1:538862B5704A4A1054E3C862A5E7DD1EE5595DE4
                                                                                              SHA-256:0A47D64087642E97D6B1BAC38D276225F409D318C4B9ED4E50B7BC8F9400A0E5
                                                                                              SHA-512:42F935177860BB685AD93EB7AC89AADE2868E0722E8D945ABE8F8DB196C854643B1333627C2580DE7D831F8923337DAB8FED2C2F8653A8AC5045A4A7A44F0ECD
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:15.051 8ec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/09/05-08:31:16.057 8ec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):2163821
                                                                                              Entropy (8bit):5.22287239647105
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:v+/PN8FtfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Hfx2mjF
                                                                                              MD5:580F5CA79AA38C3EBF55B6A65DA7A203
                                                                                              SHA1:EF586D535F193B5C4C0BB144B6554810D37D3CEB
                                                                                              SHA-256:DD31DC0D33C0470EFB23008BDC4EE87471820F6AE2F18F8D36E9D0D96F4D3C21
                                                                                              SHA-512:8ACA862E8CF71568DFCDD914DB395451BC506AE7D4CC039C6312DC959361A508FD48BECCFB4C3D4CD6D271ED705C1E8542C4193514FDA80417EB5A13AEA69844
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):336
                                                                                              Entropy (8bit):5.128123195453157
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P4Vq2P923oH+Tcwt9Eh1tIFUt82i6gZmw+2YLIkwO923oH+Tcwt9Eh15LJ:P4Vv4Yeb9Eh16FUt82Ng/+2gI5LYeb9O
                                                                                              MD5:BAC8DE49F14CCDCEBA7D78C65472B832
                                                                                              SHA1:BC10543C508AFDA76D90AB83F422CFBAE67F22FA
                                                                                              SHA-256:84D08CC17EB556683C5FE48E49AC9545652B89698E81B41EA0BD9CCB0C6BE1F6
                                                                                              SHA-512:D08708BD0F0E2BBB0B0123A20FBB09B87172AD44AEB009CEAF5A39CB94D288254E1C5B941D93BCDD72C1C1624941F8EE9B3BE7A3D9194EBFEFCC993538274846
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:14.888 2084 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/05-08:31:14.896 2084 Recovering log #3.2024/09/05-08:31:14.901 2084 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):336
                                                                                              Entropy (8bit):5.128123195453157
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P4Vq2P923oH+Tcwt9Eh1tIFUt82i6gZmw+2YLIkwO923oH+Tcwt9Eh15LJ:P4Vv4Yeb9Eh16FUt82Ng/+2gI5LYeb9O
                                                                                              MD5:BAC8DE49F14CCDCEBA7D78C65472B832
                                                                                              SHA1:BC10543C508AFDA76D90AB83F422CFBAE67F22FA
                                                                                              SHA-256:84D08CC17EB556683C5FE48E49AC9545652B89698E81B41EA0BD9CCB0C6BE1F6
                                                                                              SHA-512:D08708BD0F0E2BBB0B0123A20FBB09B87172AD44AEB009CEAF5A39CB94D288254E1C5B941D93BCDD72C1C1624941F8EE9B3BE7A3D9194EBFEFCC993538274846
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:14.888 2084 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/05-08:31:14.896 2084 Recovering log #3.2024/09/05-08:31:14.901 2084 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.4656605101597933
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBc:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                              MD5:9B1280B0513205A8B30992E6C8DED70C
                                                                                              SHA1:F6EFA362A779271B35B7AA79110B3E87DE77A772
                                                                                              SHA-256:EBCE41C24C663AD08A872B5489085FD9D8E28D2C70A9E98D2732C8AD9D05A2E3
                                                                                              SHA-512:16D0B98254C4239FB4F980B917E5165B412FC7A896393BB2B0C8D7B21FBF3A48FE54776DD524D7512EBF9C0A9209D78126C47D9080D1D8CBC96CB8E3E7E23B27
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                              Category:dropped
                                                                                              Size (bytes):10240
                                                                                              Entropy (8bit):0.8708334089814068
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                              MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                              SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                              SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                              SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):636554
                                                                                              Entropy (8bit):6.0127694795093625
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
                                                                                              MD5:CDE9ABB05D9CF09C0DA933480FEC3B64
                                                                                              SHA1:D28F62243CA290594B0EB556FE0831AA6FCC6C8A
                                                                                              SHA-256:036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
                                                                                              SHA-512:FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):142
                                                                                              Entropy (8bit):5.04319433803243
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:lxl9l/38E28xp4m3rscUSXQTfjiQX/Nlf+nETPxpK2x7L8KFunLutCF:Z9t38D8xSEsIXGR/v+n0PxEWHFeStO
                                                                                              MD5:DD3032B7206D0F39CC44A96744FC366C
                                                                                              SHA1:C0543FC24ADEF78640D1B5024224019BC070E208
                                                                                              SHA-256:A042A3F6746CDBFC5CDB0CE38FE120ADE218AD10E0AEA6F0895040DB3E2C663E
                                                                                              SHA-512:34AC311592DFC7AE2C2FDA844010C47E91EE1BF83908C08C0B0043491F07F4E76F8B8A06C7F005CEC07F2F838B72FA9D8349D91DB818AB18262840F3024C5F88
                                                                                              Malicious:false
                                                                                              Preview:Q...9................BLOOM_FILTER_EXPIRY_TIME:.1725625874.496872.I]NG................BLOOM_FILTER_LAST_MODIFIED:.Thu, 05 Sep 2024 12:08:14 GMT
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):636529
                                                                                              Entropy (8bit):6.012178686683981
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
                                                                                              MD5:D06FF4898FA4B70F70844C78C74E85F1
                                                                                              SHA1:343AACAE98E528494912A7795CFDA3320598B8B9
                                                                                              SHA-256:7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
                                                                                              SHA-512:ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
                                                                                              Malicious:false
                                                                                              Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):506
                                                                                              Entropy (8bit):5.253199308073653
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PIOM+v4Yebn9GFUt82IMq/+2IM1MV5LYebn95Z9lxxf0n6cxfr1K25h:t4Yeb9ig8wLYeb9zpmPZHh
                                                                                              MD5:AF61CD74C152E410568FE2A33AEAF2B9
                                                                                              SHA1:41DC0C8FA529D051E8CBFD1D1F1528EE24ACD421
                                                                                              SHA-256:C6153CBA5A7BABB5A6F3F72A4520F006AAF55BA234F335A2D04890EB48A349F7
                                                                                              SHA-512:AE3CAA028AA3C6C88932121772EBDFFE8891DA78B30FA49D8DDFCFA963C6500CB02F60BB1873013BDA8BEFD21D3297512DADE9DE33B415C8DE891CE569316CD2
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.537 8fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-08:31:08.539 8fc Recovering log #3.2024/09/05-08:31:08.539 8fc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-08:31:14.523 8fc Level-0 table #5: started.2024/09/05-08:31:14.558 8fc Level-0 table #5: 636529 bytes OK.2024/09/05-08:31:14.560 8fc Delete type=0 #3.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):506
                                                                                              Entropy (8bit):5.253199308073653
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PIOM+v4Yebn9GFUt82IMq/+2IM1MV5LYebn95Z9lxxf0n6cxfr1K25h:t4Yeb9ig8wLYeb9zpmPZHh
                                                                                              MD5:AF61CD74C152E410568FE2A33AEAF2B9
                                                                                              SHA1:41DC0C8FA529D051E8CBFD1D1F1528EE24ACD421
                                                                                              SHA-256:C6153CBA5A7BABB5A6F3F72A4520F006AAF55BA234F335A2D04890EB48A349F7
                                                                                              SHA-512:AE3CAA028AA3C6C88932121772EBDFFE8891DA78B30FA49D8DDFCFA963C6500CB02F60BB1873013BDA8BEFD21D3297512DADE9DE33B415C8DE891CE569316CD2
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.537 8fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/05-08:31:08.539 8fc Recovering log #3.2024/09/05-08:31:08.539 8fc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/05-08:31:14.523 8fc Level-0 table #5: started.2024/09/05-08:31:14.558 8fc Level-0 table #5: 636529 bytes OK.2024/09/05-08:31:14.560 8fc Delete type=0 #3.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):103
                                                                                              Entropy (8bit):5.287315490441997
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjGtCSluhFhinvsD8xFxN3erkEtl:scoBY7j6CSluGvlxFDkHl
                                                                                              MD5:BBF990808A624C34FC58008F69BE5414
                                                                                              SHA1:8E91249954C47ED58AFAA34373006A9A907A8B87
                                                                                              SHA-256:2E9DF06E07493794BAE755C1954FDC37401D757916EBFBAA7F0EE64A8FD16E9E
                                                                                              SHA-512:9F6863BCEE0782B211E95986AEDB74E0563A24D7FE448A7CA56EC94CD489A5BE0999757C25CB75DB6789759DCB81C20236EFB96945165E15E3D139CA4836B844
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator..........7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.6139026887018851
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jZXzpT9mL:TO8D4jJ/6Up+dd6
                                                                                              MD5:905B6CA4C5561246E11D118CDDF9699F
                                                                                              SHA1:A1456416E0FA390E265BEF8746B115366A425F88
                                                                                              SHA-256:5F83EC38A423DB117435DD5DBA577B448D9085C595ED3E81C8D08BD505BA1406
                                                                                              SHA-512:27B86A51F30DEDE69E30752C10709BE4B386448E95CB5AB9FAB6F9F6A448EEABBD283304FD78922BE8D5A1CCD50872F03FBA19007EC3117664349FA5EC4A2398
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):375520
                                                                                              Entropy (8bit):5.354116344442646
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:RA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:RFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                              MD5:F8D481225991CD8E95A9CEF38BB86C1D
                                                                                              SHA1:4B10656E12121B0B0631262C14EAEE0E84EB10BA
                                                                                              SHA-256:A1299B50E01010F75DE99DE9857BB01002323FA9515A43AC11845B0AF7AB6132
                                                                                              SHA-512:6E6413F09F62C56F3B5E7B0715BE5B9A43359F7D55362C1BF973CA763D8283094B80DDAAAF41C0C769D51844EB23C27C4A7C84F0B9CA7004D43A0E2C14FA28EA
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1..pq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370013076258026..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):311
                                                                                              Entropy (8bit):5.171147438065468
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PYdq1923oH+Tcwtk2WwnvB2KLllWf3+q2P923oH+Tcwtk2WwnvIFUv:P2fYebkxwnvFLnWOv4YebkxwnQFUv
                                                                                              MD5:9FAB336922B779E3A5A050A6046E09B6
                                                                                              SHA1:A4EE5EEB19D8D5D40EF2705DEC912FEFFD291569
                                                                                              SHA-256:0425056253E50F9DBE21CB5CE9964C7AB1CD57B962BCAC0FB7BA6440072BDBE0
                                                                                              SHA-512:BA90102C8BF091829B15FE799D4AD99D0CA7CE9CC5C064E438C72FF90D43546E9D17120EAD4663BABED1C7CABDB232216F75DB90E0AC34D96718B511DE789C57
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:14.921 2288 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/05-08:31:15.019 2288 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):358860
                                                                                              Entropy (8bit):5.324616621285344
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rr:C1gAg1zfvz
                                                                                              MD5:53AF014B96879DC4D96C5B70EF21AF9B
                                                                                              SHA1:ACDCF82F281AB2F990A0BF811C9FE2D8742AAE0B
                                                                                              SHA-256:B8B6437A0C8410B2072FA0899279066A47B033F56DB38ED483D22254AF20AB1D
                                                                                              SHA-512:6024BD3926DBA1619A5A0D4ADFD916B4083FD7397162A55324481A08BBD7D0B93F17337D7464D6F5A192800B10027FCE5E88914B44C68C535B7136D8DDF8F99D
                                                                                              Malicious:false
                                                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):418
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                              Malicious:false
                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):321
                                                                                              Entropy (8bit):5.21100041441303
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PIz6Iq2P923oH+Tcwt8aPrqIFUt82IVRXZmw+2I56zkwO923oH+Tcwt8amLJ:PIz6Iv4YebL3FUt82I7X/+2Ik5LYebQJ
                                                                                              MD5:9EA0F79AC26AD77954C75976D220216E
                                                                                              SHA1:A027F92898B5621B15B208F619ABDC2207A2D6DE
                                                                                              SHA-256:1B7DCB68CAAD7811F9A27EC47F0FF4D4775590844372FC43F01EB016B6E77313
                                                                                              SHA-512:CC3F524592F5B290269FB322B98552920D83AA65035910AD2B0448B389A85EA3B14CCC41CC7718C1C78B414A7605ADF416A3DB1C760A9825BCF555D0A26464AD
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.572 764 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/05-08:31:08.577 764 Recovering log #3.2024/09/05-08:31:08.578 764 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):418
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):325
                                                                                              Entropy (8bit):5.224120835752295
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PIUrTMq2P923oH+Tcwt865IFUt82In9Zmw+2I7FUFzkwO923oH+Tcwt86+ULJ:PIUrTMv4Yeb/WFUt82I9/+2I7F45LYev
                                                                                              MD5:F35AED7B537AEEB7117F589928F0539C
                                                                                              SHA1:CEBEA877507785565E39D7DCCB0E6228C65373EF
                                                                                              SHA-256:650AB303E06E4A4D67BC8C1C209C4C1E6CC78D0485FF7C2D87FEDD1CAD1F4B9D
                                                                                              SHA-512:7B733E18639959649E4892E0CE086031D7F4391C18AE7A8FF73F8774A4E2F8F4A4341B1EF3BD4DCCA09A5A4CACD9BF770A56F4A95CE5D63FD3CAF13D92D064EE
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.589 764 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/05-08:31:08.593 764 Recovering log #3.2024/09/05-08:31:08.594 764 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):1254
                                                                                              Entropy (8bit):1.8784775129881184
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                              MD5:826B4C0003ABB7604485322423C5212A
                                                                                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):324
                                                                                              Entropy (8bit):5.129880260794248
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P3eN4q2P923oH+Tcwt8NIFUt82fJZmw+2fDkwO923oH+Tcwt8+eLJ:P384v4YebpFUt82fJ/+2fD5LYebqJ
                                                                                              MD5:8477089B9B85A8B60170676DD84594C4
                                                                                              SHA1:04EB9D309CD191647A0EA6AD285A15C44811EA3C
                                                                                              SHA-256:3F405A5D2124D0D06DF20E8CEA4E05C81487B52AD4C7532A23A97BF4B3EFBE7A
                                                                                              SHA-512:467A4E6757CACD154775DEEC3F0C70C64B29202E51024440BD3873174E82741E079D3804B8DA499C482CF88AE2A3275A7F45AC2CC12E963B3AFBA88423BA65AF
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:09.324 11f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/05-08:31:09.325 11f0 Recovering log #3.2024/09/05-08:31:09.325 11f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):429
                                                                                              Entropy (8bit):5.809210454117189
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                              Malicious:false
                                                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):2.447678240781599
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:0BCyvkDnxUelS9nsH4/AztcOuuoKwxDuQ:mNvkDnx8sHXzCOPo1xDuQ
                                                                                              MD5:22BBBA4C7A6DAF0E77BD392C580E2DA4
                                                                                              SHA1:B52B2ACB8AAAE03B4C4B5DC124866996B91091D3
                                                                                              SHA-256:024E467DFFB2B27320C3965CD3712976B80EECDC1BDB03EE48D0468738863368
                                                                                              SHA-512:D34DABB69C2ADCA1209FC65E6E66B20010968754A4625DB32BDB0F0D2B5FF4059603842D8B6D0995CF5E055490F113EAE2A61770465B77ECDEE60A6096600462
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):155648
                                                                                              Entropy (8bit):0.6777241172227598
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:ADj/sqhH+bDo3iN0Z2TVJkXBBE3ybLD3j:gDxhIU3iGAIBBE3qnz
                                                                                              MD5:42178F78E19A7B679369EFBC65D4DB91
                                                                                              SHA1:9E3E776EE018214605A35FFED1BEEE44EFC1E875
                                                                                              SHA-256:C72DEB471ED47CB04B077BB1AB26DF6EB20891FD68D04EACCBDE3A02F990484C
                                                                                              SHA-512:030E88A1B31E9908EB938B8C18C96147BE869BF35A04031FB0AA0809EFE2A208501B15AABD8B5091BEAB1440A7ACB2D8AD2766EA43E6A5035D80FF01A64D7A39
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):8720
                                                                                              Entropy (8bit):0.2191763562065486
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Wl/ntFlljq7A/mhWJFuQ3yy7IOWUmL94/dweytllrE9SFcTp4AGbNCV9RUIJ:WO75fO4L+/d0Xi99pEY3
                                                                                              MD5:1BD234C39A870020C3C64FEBBE3FA9AF
                                                                                              SHA1:41DD4931F1329B241066A624ECF8EE977AB1DCA4
                                                                                              SHA-256:8C921A433146C5B783F71FC72E4FBBFC42D4EF11631335B5DED2EBB126C8F885
                                                                                              SHA-512:8F30C4A8660A4A3189EFD4F55C4722EF2A49C7E9845496182F9D11123CD59FBA8844B23B01E7A4E2317C7AA380830EB4CD9EB13BCD984A02F7EFED6B227D990E
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):115717
                                                                                              Entropy (8bit):5.183660917461099
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                              Malicious:false
                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                              Category:dropped
                                                                                              Size (bytes):45056
                                                                                              Entropy (8bit):3.918460570504517
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:jj9P04EQkQer0cVP/Kbtpjlfhw773pL8gam6ISRKToaAu:jdUe23VP/IlfO7BCRKcC
                                                                                              MD5:28F95A5CD74678121F5DED17BD155E5F
                                                                                              SHA1:5A8E4B497B0DB82D1BCBE1FC4B7716F7159C256D
                                                                                              SHA-256:E2BA07351F7A9E65AF2EF996222880FAB41FA555CCB38C865C306C5E07D78237
                                                                                              SHA-512:3A00634F97939E0899DB817F9AD165F0C0F1BEBE36250D80BE5332CAA6FF9144161A9F509E7EFC942F3F0D99A76D23DB9F7E16EFBA556E7656B4EBC2434DFD42
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):408
                                                                                              Entropy (8bit):5.254837120713222
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:PKqN4v4Yeb8rcHEZrELFUt82WlJ/+2mID5LYeb8rcHEZrEZSJ:iIK4Yeb8nZrExg8NfVLYeb8nZrEZe
                                                                                              MD5:4D10353B1E58210266ABFBE9E8A4B4A5
                                                                                              SHA1:26ADAA2B8B3129C9A36E2D6D6119A758B1774045
                                                                                              SHA-256:95B16745D45EE73A573E66E6B8E55C2914C480EA8895D8EAF264F322C6174592
                                                                                              SHA-512:119100448E68087D8D15C9BF6449945902C70A67880F9EBFD82AD08B4C1FE9A3AA5F110A4F9A5F444FFD6BAB6049A460F43B7ED3832D631E4132F5CAB1E797DB
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:12.324 1820 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/05-08:31:12.325 1820 Recovering log #3.2024/09/05-08:31:12.328 1820 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):336
                                                                                              Entropy (8bit):5.1471232226051615
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PvMKjIq2P923oH+Tcwt8a2jMGIFUt82vPZmw+2vudPkwO923oH+Tcwt8a2jMmLJ:PljIv4Yeb8EFUt823/+2mdP5LYeb8bJ
                                                                                              MD5:EF890E133D817D14F7B10FC3D437C911
                                                                                              SHA1:E324B871CEA417BD0BB946E743B3425E17720F20
                                                                                              SHA-256:1226993A9864B56C153CB46A1629DB5650AC10819B6E03AE8D3FBBD5C56A1411
                                                                                              SHA-512:F57166FEB532A88489A0C734677F838824B83EA70C6D5046DD12676BDA4A309FAAC7E8D1B0C53CFED074FDC1DDA8B76D3009F21C45CED1DB06A9FEDA5AFA844C
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:09.082 1c84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/05-08:31:09.086 1c84 Recovering log #3.2024/09/05-08:31:09.089 1c84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):24576
                                                                                              Entropy (8bit):0.4041580736168485
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IRSjdp:TxKX0wxORAmA/U1cEB5IRSjdp
                                                                                              MD5:DF81109806211C4820F31345299454C4
                                                                                              SHA1:580945A7C6921DE4B257199FD4B1CCF7739730DD
                                                                                              SHA-256:33B489BA05246F625B44BC47FCF8FDABCC886167EC0B951E81E8B499FF4845C1
                                                                                              SHA-512:2C54E6BA966F62E05A8ECD6C6FD6A3B59F7B1C087FF2662FA4FCFD222D1B766F20F74A2DAC26521B9EDA1580966AB7BD134CD4BCA433851AA508A793111D28F8
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...p."
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2949
                                                                                              Entropy (8bit):5.313953535953025
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YcgCzsjtslAffcKsegsPCileeEsiacsV4akEs8+Hp/qs7+HisV+HMCbxo+:FsBfdnVke+aB4akY4pd4D4hVo+
                                                                                              MD5:A98C19A187F6872F40CF740D0AE123A9
                                                                                              SHA1:CC32C991D28F44A9839E422CA987087ACE8EB382
                                                                                              SHA-256:EE5154861644D97A634C8F54D770E0CF3AEBD210E453689EF641C75BC68846C0
                                                                                              SHA-512:0C635D584BABF42C64486154287D05F9B773D3D3E6FD67D2E049781EB5F509BACB5B80E845C2E9A308544B9304A01AB26163D5B681CA610A8571C1988D60A7B4
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372605070894581","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372605073479700","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372605073618754","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"133701066
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):188
                                                                                              Entropy (8bit):5.293313369187512
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWRAWNjZS5L0PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZtjLobSQ:YWyWNgJ0Bv31dB8wXwlmUUAnIMp5neSQ
                                                                                              MD5:F24D2BFEE060CF9F99DEFFBF255DCEBB
                                                                                              SHA1:32EDF6CC8D451CBF2482AE377AFF2A4D2CCE6BAC
                                                                                              SHA-256:4AB8CF73B246BC367A9245A88BE465335EEC56BD28015C9275C414E29A3AAD44
                                                                                              SHA-512:C661AD73D2BC2F56FF2C212E47370645C1EC56FF592050E23FF9098ECB28820D909B5333CA6224B814AB000EDDB0A8809E20C514180ED3F55F6BE8A148D92BD7
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1757075539.283709,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725539539.283713}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):188
                                                                                              Entropy (8bit):5.279781598971112
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWRAWNjZSmGO5Y8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZr615:YWyWNgalBv31dB8wXwlmUUAnIMp5BuN/
                                                                                              MD5:54BE2FDD1B08EA2815032864CAAB1C62
                                                                                              SHA1:1E309100B6F6CC55663A17B2CC6C0E0AD4107AFD
                                                                                              SHA-256:8B8962E2C13A0BC3CE455C8282D56088DC246E50E964CD25A0C084E6455CC477
                                                                                              SHA-512:2777AA468840F77B15DEB93F853EBC8771F8393CCDF6C0B0D3ECBAEF507108F473956651EC3EB88843511CAB61760A09DC011EE2318D01C4539FF3266B2C0847
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1757075479.237312,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725539479.237317}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):1.0841777858295671
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8BzRWsoPsDYL/d5/TPOFyPr:ige+Au+/Txr
                                                                                              MD5:1E6205C80219CCDF49DC38F9279152C9
                                                                                              SHA1:8BA8D6CE7197417BD3403DD75B430E3E381B8FC6
                                                                                              SHA-256:D893FC652CEE69D22BAA6D539369097E67697302ADAC7A93EEB3619928CCB71B
                                                                                              SHA-512:3E794F632B4BAA1D022DECA34A76865181087A60AC028629D63CD61E1CF28EEABA849320B390739590018581DEF54D95DB61C2D9F1AABA27AEECF3D049CB328C
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j...$......g
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1419
                                                                                              Entropy (8bit):5.336394944460292
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
                                                                                              MD5:BF6BA1797785A5763A0088569A24FE85
                                                                                              SHA1:62B9D7386B7BDD97B816063ED0D9CC0D912EB130
                                                                                              SHA-256:40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
                                                                                              SHA-512:FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):1.3301529962720653
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:uIEumQv8m1ccnvS6ZDo2dQF2YQ9UZh1hRVkI:uIEumQv8m1ccnvS66282rUZhzd
                                                                                              MD5:247209E7E09121023F0BCA423BAE9F42
                                                                                              SHA1:08839A4471431F082AC24833213647C31F19C10C
                                                                                              SHA-256:01CBC0110DE7B73E5F1F89B46A80A30D43BD17A46824F73B736CE54C07776D6F
                                                                                              SHA-512:2EA91606BB866F04DE2EF2764F239545B36C05D2AEA3E3DA08BFC052AEF674C92C31439FB1F18B2833ACCA85CC4554CC1B7D4907CB35EB94EEB8405B8E6AB306
                                                                                              Malicious:false
                                                                                               Preview:SQLite format 3
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):188
                                                                                              Entropy (8bit):5.279781598971112
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWRAWNjZSmGO5Y8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZr615:YWyWNgalBv31dB8wXwlmUUAnIMp5BuN/
                                                                                              MD5:54BE2FDD1B08EA2815032864CAAB1C62
                                                                                              SHA1:1E309100B6F6CC55663A17B2CC6C0E0AD4107AFD
                                                                                              SHA-256:8B8962E2C13A0BC3CE455C8282D56088DC246E50E964CD25A0C084E6455CC477
                                                                                              SHA-512:2777AA468840F77B15DEB93F853EBC8771F8393CCDF6C0B0D3ECBAEF507108F473956651EC3EB88843511CAB61760A09DC011EE2318D01C4539FF3266B2C0847
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1757075479.237312,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725539479.237317}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):188
                                                                                              Entropy (8bit):5.279781598971112
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWRAWNjZSmGO5Y8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZr615:YWyWNgalBv31dB8wXwlmUUAnIMp5BuN/
                                                                                              MD5:54BE2FDD1B08EA2815032864CAAB1C62
                                                                                              SHA1:1E309100B6F6CC55663A17B2CC6C0E0AD4107AFD
                                                                                              SHA-256:8B8962E2C13A0BC3CE455C8282D56088DC246E50E964CD25A0C084E6455CC477
                                                                                              SHA-512:2777AA468840F77B15DEB93F853EBC8771F8393CCDF6C0B0D3ECBAEF507108F473956651EC3EB88843511CAB61760A09DC011EE2318D01C4539FF3266B2C0847
                                                                                              Malicious:false
                                                                                              Preview:{"sts":[{"expiry":1757075479.237312,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725539479.237317}],"version":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1419
                                                                                              Entropy (8bit):5.336394944460292
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
                                                                                              MD5:BF6BA1797785A5763A0088569A24FE85
                                                                                              SHA1:62B9D7386B7BDD97B816063ED0D9CC0D912EB130
                                                                                              SHA-256:40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
                                                                                              SHA-512:FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.7391107375212417
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isvhldvd0dtdjiG1d6XfN:TLSOUOq0afDdWec9sJAhvlXI7J5fc
                                                                                              MD5:A74BFDCBFB880F469AD54BEF7B1B0C88
                                                                                              SHA1:0012DD82FEB43839A30557EAF9E8DB2EB7259142
                                                                                              SHA-256:63DFF3D10BF10F8F5326776956AF6DE1463CF0A14792C4451D4A76EFA1BF4BA2
                                                                                              SHA-512:203FC220BF05344052340CCC6F77233669C200FDC6596EEE6F5D1E2203328D7D116BF07DE664D1D60EA2CD96F006406A9F0A2035BFAA86C93A103193E6EA4583
                                                                                              Malicious:false
                                                                                               Preview:SQLite format 3
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12523
                                                                                              Entropy (8bit):5.207081000606418
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:stuJ99QTryDigabatSuyIfsyusZihUky3k8wbV+FICQA66WdaFIMYQPUYJ:stuPGKSudsyufhlbGBQx6WdaTY4
                                                                                              MD5:F222AD568EBC91E86C3EF8A9E081CE7B
                                                                                              SHA1:AADA18B134F174260AE7BF8410F232A8E264B077
                                                                                              SHA-256:31F5D4C048E67CC52439D382828A21E3025E82A229FA04AA64CE810644F560F4
                                                                                              SHA-512:FCA194EA4485C51DDC64F8C7C9686814BCAEC924968186F8E06AE574F59BA7394ADF5A53DC6228116878E7F1261EBE90961CAD0D0772AA64631504AF2743FD57
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12523
                                                                                              Entropy (8bit):5.207081000606418
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:stuJ99QTryDigabatSuyIfsyusZihUky3k8wbV+FICQA66WdaFIMYQPUYJ:stuPGKSudsyufhlbGBQx6WdaTY4
                                                                                              MD5:F222AD568EBC91E86C3EF8A9E081CE7B
                                                                                              SHA1:AADA18B134F174260AE7BF8410F232A8E264B077
                                                                                              SHA-256:31F5D4C048E67CC52439D382828A21E3025E82A229FA04AA64CE810644F560F4
                                                                                              SHA-512:FCA194EA4485C51DDC64F8C7C9686814BCAEC924968186F8E06AE574F59BA7394ADF5A53DC6228116878E7F1261EBE90961CAD0D0772AA64631504AF2743FD57
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):12523
                                                                                              Entropy (8bit):5.207081000606418
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:stuJ99QTryDigabatSuyIfsyusZihUky3k8wbV+FICQA66WdaFIMYQPUYJ:stuPGKSudsyufhlbGBQx6WdaTY4
                                                                                              MD5:F222AD568EBC91E86C3EF8A9E081CE7B
                                                                                              SHA1:AADA18B134F174260AE7BF8410F232A8E264B077
                                                                                              SHA-256:31F5D4C048E67CC52439D382828A21E3025E82A229FA04AA64CE810644F560F4
                                                                                              SHA-512:FCA194EA4485C51DDC64F8C7C9686814BCAEC924968186F8E06AE574F59BA7394ADF5A53DC6228116878E7F1261EBE90961CAD0D0772AA64631504AF2743FD57
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):16
                                                                                              Entropy (8bit):3.2743974703476995
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                              Malicious:false
                                                                                              Preview:MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):83572
                                                                                              Entropy (8bit):5.664172583366587
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:DL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:DL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                                                              MD5:AAB4E1FDC50C501D29A5FAAA31F78960
                                                                                              SHA1:CF7984390991018EFE2CF45510F73AB38642D4AC
                                                                                              SHA-256:E92ABC11DB6C7AE65DD239B0F30130F96C8444643EF2B05F0CCC629942D4992A
                                                                                              SHA-512:FEA5924977026DF10BCCF80F034EA024E83B82D6B7D88352B9BAF7594739BBEE5FCC5B9396E975DC6C1C46B376736677D064E642E931034CF8807D6BDE202696
                                                                                              Malicious:false
                                                                                              Preview:...m.................DB_VERSION.1...j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13370013079254698..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):309
                                                                                              Entropy (8bit):5.173473581192165
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P7w1923oH+TcwtgctZQInvB2KLllMEq2P923oH+TcwtgctZQInvIFUv:P7tYebgGZznvFLnMEv4YebgGZznQFUv
                                                                                              MD5:2093224B2F7A63B3491C935C06CB67D3
                                                                                              SHA1:DF11EA2B8F0A771879BBC035552691DA02478988
                                                                                              SHA-256:A7C521F4CDAA43C0FF9A8F228B4E92B76E0F748F650E45D2C71BE1788218D646
                                                                                              SHA-512:CE3B3101105FBD04F7C408AD8F7CC6148E4B6C6428FF020D146E5608CB6F8F113BD4D68C9BB05B0E805C0AF1E5491377A059129D20EB5B654DD75590C50A2E59
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:18.431 22e0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/09/05-08:31:18.547 22e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:OpenPGP Secret Key
                                                                                              Category:dropped
                                                                                              Size (bytes):41
                                                                                              Entropy (8bit):4.704993772857998
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                              Malicious:false
                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):35272
                                                                                              Entropy (8bit):5.556546860023451
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:X/JfJSWPawfzk8F1+UoAYDCx9Tuqh0VfUC9xbog/OVzxbDkrwTO8p0qKp9tuO:X/JfJSWPawfzku1jaWhD9TO8Lgt9
                                                                                              MD5:1606E14F82AD0BF873B2C3627AEBCC42
                                                                                              SHA1:525B5E42BD4381FDBD4224BFBEC0441C3A80B1C5
                                                                                              SHA-256:96127C7B42D83A18A66EA8AB4BD4CDFEBAEBF6A0842EC4CFB83093E18FFB7871
                                                                                              SHA-512:4B95F1C6942B3B873B76B97FC89A535E8BC5F1E40BFC549A07708C7B67904A85F206415DB33883E86069DE797469FD7295E4B1D12FAAE5AB4BA5807E18ED6643
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370013068441405","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370013068441405","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):440
                                                                                              Entropy (8bit):4.603175108323626
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:S+a8ljljljljlF/UQ9+Cb4Q3QknGz3A/XkAvkAvkAv:Ra0ZZZZF/UohBhG0Xk8k8k8
                                                                                              MD5:A587BAE5D6E66C089663AA9206E118B0
                                                                                              SHA1:95066C5AAAF98FDEA7801CDA8FAA1DEB987F832D
                                                                                              SHA-256:E5944959659AEC542BBE3986826C89F2ACDAC12B34031551EAC02C93752502A3
                                                                                              SHA-512:5EEEEFB90CE81AC1AB7CDADB7591733262C6E5F60FEB583A717170F481E1209F6850B598D9779D7ECC6DEA7FB51B4101530947B7E09CD9AF6696B2A59E332EB1
                                                                                              Malicious:false
                                                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............8...j................next-map-id.1.Knamespace-61b1678f_ee44_402b_8b36_26622ebc58e8-https://accounts.google.com/.0nh.fk................next-map-id.2.Lnamespace-61b1678f_ee44_402b_8b36_26622ebc58e8-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):324
                                                                                              Entropy (8bit):5.107218441150491
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PvLjL+q2P923oH+TcwtrQMxIFUt82vkF0o1Zmw+2xFbLVkwO923oH+TcwtrQMFLJ:PD3+v4YebCFUt82Fo1/+2xFfV5LYebtJ
                                                                                              MD5:25A6E44C0FFB62FB6173ED7DEDDF87A3
                                                                                              SHA1:6CC4E25241CF14EAF97A951A9589BC31C7928D29
                                                                                              SHA-256:877F52BC83448C41D67A5E57ABAF8BEAC6C564B16CDD64D780EF790223CA7B52
                                                                                              SHA-512:12BDF68B5EFBE47B3725A0415DC1E10C1EB8665E8B19C34D7A4495DEB7DBDEAA123FAAE76016AE6BE007754391202D2C767AC6AA46C693095C2D27905D5F426A
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:09.086 1c9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/05-08:31:09.090 1c9c Recovering log #3.2024/09/05-08:31:09.129 1c9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):7953
                                                                                              Entropy (8bit):4.195898434867962
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:3aT7o2O1Hxbfm21HxbfmvDEQ6nPQLUZcW3DYQ6nPQLU0D1eL53nyLsB:3aQRFqDE3PeUNDY3PeU0D1eL53y
                                                                                              MD5:BCCEF7913888EE39D50E0661750C39B8
                                                                                              SHA1:95BE5DB8534F86456518FC89F7394204A1CF3B59
                                                                                              SHA-256:4CCF0216B5448B0901D31BD69DDEDF18FB289C5AFAEB13C9EE018AD6225A9D8A
                                                                                              SHA-512:AEB15EB27B278FE154883D97A70023A772E137CAE70B0DC84B754A2BD8486C02C0D4D3ACA82DADD24EA4F6B1AA6831970E32EEA350B4064B3D8237193A6DDD41
                                                                                              Malicious:false
                                                                                              Preview:SNSS.............................."...................................................!..........................................1..,......$...61b1678f_ee44_402b_8b36_26622ebc58e8......................z.........................................................................................5..0......&...{98952893-68FF-4A5D-A164-705C709ED3DB}........................................o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64.........................................o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.44194574462308833
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):352
                                                                                              Entropy (8bit):5.16410204777998
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PIPFN+q2P923oH+Tcwt7Uh2ghZIFUt82IU6Zmw+2IUtVkwO923oH+Tcwt7Uh2gnd:PIWv4YebIhHh2FUt82IU6/+2IUT5LYeQ
                                                                                              MD5:2E855B90DDDC50C33995AEF6D0664CCC
                                                                                              SHA1:C50BD93F61AC26DEDC20091153F6DF3D298B1422
                                                                                              SHA-256:4CECA63F01B41C1B7E4F2DE47C322D63DB5F1DBF2D06C45C0E7D37D689C54FF5
                                                                                              SHA-512:4456C594D945345E146F215AF50C20851F91D4DA6FBE512B519C51BBAEBED76AD10F085FEC3485A96386F9A3410C362E3276DE2A063C9B1DE3E1AECB6F98F76C
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.571 1938 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-08:31:08.586 1938 Recovering log #3.2024/09/05-08:31:08.602 1938 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):352
                                                                                              Entropy (8bit):5.16410204777998
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PIPFN+q2P923oH+Tcwt7Uh2ghZIFUt82IU6Zmw+2IUtVkwO923oH+Tcwt7Uh2gnd:PIWv4YebIhHh2FUt82IU6/+2IUT5LYeQ
                                                                                              MD5:2E855B90DDDC50C33995AEF6D0664CCC
                                                                                              SHA1:C50BD93F61AC26DEDC20091153F6DF3D298B1422
                                                                                              SHA-256:4CECA63F01B41C1B7E4F2DE47C322D63DB5F1DBF2D06C45C0E7D37D689C54FF5
                                                                                              SHA-512:4456C594D945345E146F215AF50C20851F91D4DA6FBE512B519C51BBAEBED76AD10F085FEC3485A96386F9A3410C362E3276DE2A063C9B1DE3E1AECB6F98F76C
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.571 1938 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/05-08:31:08.586 1938 Recovering log #3.2024/09/05-08:31:08.602 1938 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):270336
                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):434
                                                                                              Entropy (8bit):5.2388482347854195
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P/jIq2P923oH+TcwtzjqEKj3K/2jMGIFUt82kZmw+29WkwO923oH+TcwtzjqEKjd:PUv4YebvqBQFUt82k/+29W5LYebvqBvJ
                                                                                              MD5:9FE33A5D77EB214D0DF0D15FF52F3788
                                                                                              SHA1:1AAF14F649F653C6D2167F5C074F04C4B1B4DF3C
                                                                                              SHA-256:DCEAD132AB6F18666354DF21046A3B0EFBC66561515D9D75C703CC28DD2156BF
                                                                                              SHA-512:9A4C7FFBC035C9E449756D1A0702693A07E11602AD699E39134539C3078F9F20418CD1E20F3B64E65F4B1AE69D3954BE272FD672BF554FBD1DBF14B65C232A57
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:09.387 1c84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-08:31:09.388 1c84 Recovering log #3.2024/09/05-08:31:09.393 1c84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):434
                                                                                              Entropy (8bit):5.2388482347854195
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:P/jIq2P923oH+TcwtzjqEKj3K/2jMGIFUt82kZmw+29WkwO923oH+TcwtzjqEKjd:PUv4YebvqBQFUt82k/+29W5LYebvqBvJ
                                                                                              MD5:9FE33A5D77EB214D0DF0D15FF52F3788
                                                                                              SHA1:1AAF14F649F653C6D2167F5C074F04C4B1B4DF3C
                                                                                              SHA-256:DCEAD132AB6F18666354DF21046A3B0EFBC66561515D9D75C703CC28DD2156BF
                                                                                              SHA-512:9A4C7FFBC035C9E449756D1A0702693A07E11602AD699E39134539C3078F9F20418CD1E20F3B64E65F4B1AE69D3954BE272FD672BF554FBD1DBF14B65C232A57
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:09.387 1c84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/05-08:31:09.388 1c84 Recovering log #3.2024/09/05-08:31:09.393 1c84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):144
                                                                                              Entropy (8bit):4.842082263530856
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
                                                                                              MD5:F32592F4926E25E0D647EA7E4CBCD3FE
                                                                                              SHA1:4126DAA71810BDC438563699F77D5DA66DD3295E
                                                                                              SHA-256:BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
                                                                                              SHA-512:96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):144
                                                                                              Entropy (8bit):4.842082263530856
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
                                                                                              MD5:F32592F4926E25E0D647EA7E4CBCD3FE
                                                                                              SHA1:4126DAA71810BDC438563699F77D5DA66DD3295E
                                                                                              SHA-256:BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
                                                                                              SHA-512:96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
                                                                                              Malicious:false
                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:H:H
                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):36864
                                                                                              Entropy (8bit):0.3886039372934488
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                              Malicious:false
                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40
                                                                                              Entropy (8bit):4.1275671571169275
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:[]
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):80
                                                                                              Entropy (8bit):3.4921535629071894
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):422
                                                                                              Entropy (8bit):5.259037768449191
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:26.885 1c84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-08:31:26.886 1c84 Recovering log #3.2024/09/05-08:31:26.889 1c84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):422
                                                                                              Entropy (8bit):5.259037768449191
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:26.885 1c84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/05-08:31:26.886 1c84 Recovering log #3.2024/09/05-08:31:26.889 1c84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):325
                                                                                              Entropy (8bit):5.1593935227522545
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.490 a18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-08:31:08.490 a18 Recovering log #3.2024/09/05-08:31:08.490 a18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):325
                                                                                              Entropy (8bit):5.1593935227522545
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:08.490 a18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/05-08:31:08.490 a18 Recovering log #3.2024/09/05-08:31:08.490 a18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):131072
                                                                                              Entropy (8bit):0.005582420312713277
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                              Category:dropped
                                                                                              Size (bytes):196608
                                                                                              Entropy (8bit):1.2654985948296744
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                                              Category:dropped
                                                                                              Size (bytes):14336
                                                                                              Entropy (8bit):1.4204823643119044
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):40960
                                                                                              Entropy (8bit):0.41235120905181716
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):11755
                                                                                              Entropy (8bit):5.190465908239046
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):13141
                                                                                              Entropy (8bit):5.283584414885215
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370013069046145","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                              Category:dropped
                                                                                              Size (bytes):28672
                                                                                              Entropy (8bit):0.3410017321959524
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):40504
                                                                                              Entropy (8bit):5.561045393625103
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:X/JfRW7pLGLvUSWPawfMk8F1+UoAYDCx9Tuqh0VfUC9xbog/OVYPSxbDkrwTOoI0:X/JfR2cvUSWPawfMku1ja5PShD9TOoQu
                                                                                              MD5:89E9AF8EF188895B297947809B8B5916
                                                                                              SHA1:3317E2AC51F7BAB17A6B7049D209BDAF9468B9EB
                                                                                              SHA-256:47068A878FEF4DD1CD82D2C6ED062EA1CDA4D8FF40AC9B6F0C71E8938D97F792
                                                                                              SHA-512:1DC5FA0A381206DD89C8894AAF4000F1953BCBD0DE580A7E2D382169B81D9E3145531A7E827232753C6A2F9AAE6F3089BA9EB64DD47EB7CE9EFBEDF4AAAC67DD
                                                                                              Malicious:false
                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370013068441405","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370013068441405","location":5,"ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.11573007272121795
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:WtqWtq/4pEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtqWtqcoPnnnnnnnnnnnnnnnvN3zd
                                                                                              MD5:CE616C047F9D4DBC7DFBC166CE519FFE
                                                                                              SHA1:9476B47FC26B4198F9CA83E541A6B20F17798A44
                                                                                              SHA-256:E9B2750EE572D2FC56DDF958F2A2897300885B2478828ECEF9552918FAF457F9
                                                                                              SHA-512:21C908AFA4D8FAC081A32A7AC00D2CA2970AB09B3A932C1251F8263D43BC0391A3F5D0F67F5E1A7243FE139585D03721D134D211630C6873E04872CCA8D5341D
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                              Category:dropped
                                                                                              Size (bytes):383192
                                                                                              Entropy (8bit):1.0816822334564629
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:Yg+XmIH+QygMwJpeKyY/l1HiZ1mi41GiMq1kiw1six:yWc51PzvBt1HY1mJ1Gw1kx1sm
                                                                                              MD5:8368C5FFC50ED7332003DF36E2443FC0
                                                                                              SHA1:4D4FC52DC2BCE87DDFBB4943E1DC11E9969F9880
                                                                                              SHA-256:4EFAA296492F729DDF2C02310EAE83E816B4DE154CC53DFB85BCB83CE2F02B26
                                                                                              SHA-512:BFCB88C90F49183C56BF8CC0B9C4DA2F97B79E3C3097D62E63FE8BD3E9FB8253226894CB163538519230C0562A520AD6A0E86DF97164DB753F1BC2341E2199A2
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:modified
                                                                                              Size (bytes):723
                                                                                              Entropy (8bit):3.2130765254584066
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuupa8z:iDh
                                                                                              MD5:4FDF4AD3F17A7F7C53A61B426BBF7D0D
                                                                                              SHA1:79B0E9B80D95A0C9E336D143D148D29D93FA6266
                                                                                              SHA-256:990F7A8B920946D262C05953D71E09FAF7ACED3DFC60D804B9AC3DB84CAF813A
                                                                                              SHA-512:DAA70DACABB3A19737BD0473F2A1E99844B6D89423B2CAAA93BA6ED51E2637AAA31D6E1BC46487F0FCEC24176808E1E373639467F8BB3A7FB86E006F9A5F048F
                                                                                              Malicious:false
                                                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............nX.&0................39_config..........6.....n ....1V.e................V.e................V.e................V.e................V.e................
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):321
                                                                                              Entropy (8bit):5.220734885915522
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PlfwDM+q2P923oH+TcwtfrK+IFUt82lfwgZmw+2lfwDMVkwO923oH+TcwtfrUeLJ:PlfwDM+v4Yeb23FUt82lfwg/+2lfwDM9
                                                                                              MD5:955B20DC69076E38152D91FF729666C3
                                                                                              SHA1:6DE56C291EDD2E71E8D7CB9B4065FA8938BB9871
                                                                                              SHA-256:CDE28693C0C172D2C9541088ADEEBCD36717C7F0000B87233114674EDC4DA1E4
                                                                                              SHA-512:87820A82EA93AEF41069D7CEE28F34BE4950B96276683406E8EB066DD6B898FA834C7122F8B0367001788C3CF0AB3640C10C4140D759560CD9563B2F94951D26
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:09.161 3fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/05-08:31:09.161 3fc Recovering log #3.2024/09/05-08:31:09.161 3fc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):787
                                                                                              Entropy (8bit):4.059252238767438
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                              MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                              SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                              SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                              SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                              Malicious:false
                                                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):339
                                                                                              Entropy (8bit):5.223707428964027
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:PfcDM+q2P923oH+TcwtfrzAdIFUt82fPgZmw+2fPDMVkwO923oH+TcwtfrzILJ:P0DM+v4Yeb9FUt82ng/+2nDMV5LYeb2J
                                                                                              MD5:6ADE2F772FF6638DBB7CFB6ECF7E5ADA
                                                                                              SHA1:F8F23CFE03EFB237B88FFC0C7303D80CA328DD22
                                                                                              SHA-256:EBABD8627D8C471261F19BE8BBEFF905F0C9096E47F358784879C79A9CABC1A0
                                                                                              SHA-512:BF5709727348854B932F60F73693638EDF7E6FE6E690DB6F4BA3E51D9A96ABC00311424E76C12D4C1245383C2F8D6C7861A8D16899A0FF251481B4486D215924
                                                                                              Malicious:false
                                                                                              Preview:2024/09/05-08:31:09.156 3fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/05-08:31:09.157 3fc Recovering log #3.2024/09/05-08:31:09.157 3fc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):120
                                                                                              Entropy (8bit):3.32524464792714
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                              Malicious:false
                                                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):13
                                                                                              Entropy (8bit):2.7192945256669794
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                              Malicious:false
                                                                                              Preview:117.0.2045.47
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):44137
                                                                                              Entropy (8bit):6.090701574106393
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM+wuF9hDO6vP6O+ytbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE46btbz8hu3VlXr4CRo1
                                                                                              MD5:5AD49C8182F37D8D8717E3A8B9CEA9B2
                                                                                              SHA1:DBCF029FF5F5C65391295140B837F45A23F82360
                                                                                              SHA-256:8D095FBD7992047F8D8A18A328487823DE61B6860C8C9B736963F3D220CDC0EE
                                                                                              SHA-512:E63048886F2FB154096D09F6EC6D9288770A505EE950070B2944274C9558FF89FEB9CEADFDD42ED273C6DCB4A76472B89F68C03E8D64B696C5A671CB82097DD8
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):44137
                                                                                              Entropy (8bit):6.090701574106393
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM+wuF9hDO6vP6O+ytbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE46btbz8hu3VlXr4CRo1
                                                                                              MD5:5AD49C8182F37D8D8717E3A8B9CEA9B2
                                                                                              SHA1:DBCF029FF5F5C65391295140B837F45A23F82360
                                                                                              SHA-256:8D095FBD7992047F8D8A18A328487823DE61B6860C8C9B736963F3D220CDC0EE
                                                                                              SHA-512:E63048886F2FB154096D09F6EC6D9288770A505EE950070B2944274C9558FF89FEB9CEADFDD42ED273C6DCB4A76472B89F68C03E8D64B696C5A671CB82097DD8
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.5963118027796015
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):47
                                                                                              Entropy (8bit):4.3818353308528755
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                              MD5:48324111147DECC23AC222A361873FC5
                                                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                              Malicious:false
                                                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):35
                                                                                              Entropy (8bit):4.014438730983427
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                              Malicious:false
                                                                                              Preview:{"forceServiceDetermination":false}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):50
                                                                                              Entropy (8bit):3.9904355005135823
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                              Malicious:false
                                                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):575056
                                                                                              Entropy (8bit):7.999649474060713
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):86
                                                                                              Entropy (8bit):4.3751917412896075
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                              MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                              SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                              SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                              SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                              Malicious:false
                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):45710
                                                                                              Entropy (8bit):6.08653215494476
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4I9Dn/3hDO6vP6OrHkIt+Lqb/lEeCAonGoup1Xl3jVzXr+:mMGQ5XMBD9D06LvWeRonhu3VlXr49
                                                                                              MD5:6BC7260820D5AFEE6EF93107C43D02EB
                                                                                              SHA1:6A8BD28C3B884FDF274CEBC0FB938832F0764AE3
                                                                                              SHA-256:F70B63B7150C63654F92808115D6FC916EDCFC1A401DB9C0B2E906FAEB844570
                                                                                              SHA-512:1006102B7A48940A1EDE60CBAB3911DBE280FE23671950F382FE2BB7ADBF78D0FC57BCCC801F0745F5F17C69CB668196C1D4EB974B5B7D4B9ACB7DDB626A6049
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):44600
                                                                                              Entropy (8bit):6.0959925167460405
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBmwuOhDO6vP6OrLVIm5RclcGoup1Xl3jVzXr4CCAg:z/Ps+wsI7ynEQ6LEchu3VlXr4CRo1
                                                                                              MD5:71E7FD3DDF5172776FF07847D521CFC5
                                                                                              SHA1:C379E29E93300CE5A78331C9D6DD4A741C239267
                                                                                              SHA-256:555B111F5BFFF1CDE0BA30F7FF16D390A45BDE5D48782126D50B3693795C1BD3
                                                                                              SHA-512:8B708BEA8AD429C4E989B6FD0F8DF59B0495479EECDCEA6C3087CD03FFA658DDC307F448888CE3C55A7B39A2DC6C608D240A03675241DCF8AB3558772F1E9B4A
                                                                                              Malicious:false
                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):2278
                                                                                              Entropy (8bit):3.8368949255915563
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:uiTrlKxrgxixl9Il8u1CC4wBEHUa86d1rd1rc:m7YmCXQPBd1M
                                                                                              MD5:20099933453E3CAF785965347AEC24FA
                                                                                              SHA1:55E91118B6812E39DD63C41026B8F7ECFC37C07E
                                                                                              SHA-256:1CB2F960EFDA956D56DA75704CBE32F1E21638CA2ABDAAFE508A8DF6B32922F6
                                                                                              SHA-512:FB5888486095CD1D0CBF7C6EA3A1B50509E29D403AB2FC6B443083328C65957190F290FB5DAFAC6C631D01B8D3BBF7ABDCFBE33CEE08F9169BBAF6A97AB35C55
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4622
                                                                                              Entropy (8bit):3.9981750213783935
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:RYn7ZLGq3/xb0o4+kSkkmIKiHsV0FOONOIjmSUhI:ReC4/xb09FSkkmcM0TOIjmSYI
                                                                                              MD5:99889BC8502F0CC23492DDD7857C8E17
                                                                                              SHA1:0223A752EAACDC1A3DDF1E5E09388A8D5A617656
                                                                                              SHA-256:F340D3DDF0E584EA42D905667D3A5FBF342951FA4BF592B439F9D90DE48DBE49
                                                                                              SHA-512:D356A7214A50F08732F32ED4D14003EEE06F87D41AAC2039EC5ED76FCF60CBFE14EB7CA1E49A2106780B16A67CD6F99AA1A72B0A4EE37F9D1596A95CD8886DFE
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):135751
                                                                                              Entropy (8bit):7.804610863392373
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:L:L
                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                              Malicious:false
                                                                                              Preview:.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2110
                                                                                              Entropy (8bit):5.404413863242863
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrG:8e2Fa116uCntc5toYOgEp
                                                                                              MD5:88A4AE191B18AF38F9F0CDC4EBF814F4
                                                                                              SHA1:7229D66023A687CB09096B4A7EF6F71B552C81C4
                                                                                              SHA-256:03FECB2D693506AFC10F202199C4DF550C99C6404794B19FFB4FAA9D1878F1AC
                                                                                              SHA-512:6B2220E3A309F43869A5EC5F220DE3C47B32075601427395BF650E68F7BCE0EA70D98F922CE436CF20C23152789614D47F9BE84FA050290418C59458EF80C697
                                                                                              Malicious:false
                                                                                              Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):11185
                                                                                              Entropy (8bit):7.951995436832936
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 693860
                                                                                              Category:dropped
                                                                                              Size (bytes):524320
                                                                                              Entropy (8bit):7.998159061744845
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:UfOLTpYZBWqYw902J0jz/2F4w9mf+x4AsLXZ+E70G8OlmP6:USTABEw9LmjzeywO+x4AsLXZbx8OJ
                                                                                              MD5:93442F461585E19C55EA6B4BCFCE3EBD
                                                                                              SHA1:F5283B7826F130ECC656245C85F1CDDDFF87C0DB
                                                                                              SHA-256:340963404F7686F6BAB23E6701CEB9D599D9C377849FE4EFC17815EEEF319AF8
                                                                                              SHA-512:2B2655C69615DA827D8670AA937344C0DFF93547B0BAB7C018BAEB922351D0629F5E97A2DEEAB5226CA81B089B6701E7FD0EB00B368802A8B0F8A2BB11656FC8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                              Category:dropped
                                                                                              Size (bytes):206855
                                                                                              Entropy (8bit):7.983996634657522
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                                              Category:dropped
                                                                                              Size (bytes):76321
                                                                                              Entropy (8bit):7.996057445951542
                                                                                              Encrypted:true
                                                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                                              MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                                              SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                                              SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                                              SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                              Category:dropped
                                                                                              Size (bytes):32768
                                                                                              Entropy (8bit):0.4593089050301797
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1753
                                                                                              Entropy (8bit):5.8889033066924155
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):9815
                                                                                              Entropy (8bit):6.1716321262973315
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):10388
                                                                                              Entropy (8bit):6.174387413738973
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                              Malicious:false
                                                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):962
                                                                                              Entropy (8bit):5.698567446030411
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                              Malicious:false
                                                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):11185
                                                                                              Entropy (8bit):7.951995436832936
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:Google Chrome extension, version 3
                                                                                              Category:dropped
                                                                                              Size (bytes):135751
                                                                                              Entropy (8bit):7.804610863392373
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):4982
                                                                                              Entropy (8bit):7.929761711048726
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):908
                                                                                              Entropy (8bit):4.512512697156616
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1285
                                                                                              Entropy (8bit):4.702209356847184
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1244
                                                                                              Entropy (8bit):4.5533961615623735
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):977
                                                                                              Entropy (8bit):4.867640976960053
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3107
                                                                                              Entropy (8bit):3.535189746470889
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1389
                                                                                              Entropy (8bit):4.561317517930672
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1763
                                                                                              Entropy (8bit):4.25392954144533
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):930
                                                                                              Entropy (8bit):4.569672473374877
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):913
                                                                                              Entropy (8bit):4.947221919047
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):806
                                                                                              Entropy (8bit):4.815663786215102
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):883
                                                                                              Entropy (8bit):4.5096240460083905
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1031
                                                                                              Entropy (8bit):4.621865814402898
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1613
                                                                                              Entropy (8bit):4.618182455684241
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):851
                                                                                              Entropy (8bit):4.4858053753176526
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):848
                                                                                              Entropy (8bit):4.494568170878587
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1425
                                                                                              Entropy (8bit):4.461560329690825
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                              Malicious:false
                                                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):961
                                                                                              Entropy (8bit):4.537633413451255
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):959
                                                                                              Entropy (8bit):4.570019855018913
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):968
                                                                                              Entropy (8bit):4.633956349931516
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                              MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                              SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                              SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                              SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):838
                                                                                              Entropy (8bit):4.4975520913636595
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                              MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                              SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                              SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                              SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1305
                                                                                              Entropy (8bit):4.673517697192589
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                              MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                              SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                              SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                              SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):911
                                                                                              Entropy (8bit):4.6294343834070935
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                              MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                              SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                              SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                              SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):939
                                                                                              Entropy (8bit):4.451724169062555
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                              MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                              SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                              SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                              SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):977
                                                                                              Entropy (8bit):4.622066056638277
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                              MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                              SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                              SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                              SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):972
                                                                                              Entropy (8bit):4.621319511196614
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                              MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                              SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                              SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                              SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):990
                                                                                              Entropy (8bit):4.497202347098541
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                              MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                              SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                              SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                              SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1658
                                                                                              Entropy (8bit):4.294833932445159
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                              MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                              SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                              SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                              SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1672
                                                                                              Entropy (8bit):4.314484457325167
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):935
                                                                                              Entropy (8bit):4.6369398601609735
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1065
                                                                                              Entropy (8bit):4.816501737523951
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2771
                                                                                              Entropy (8bit):3.7629875118570055
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):858
                                                                                              Entropy (8bit):4.474411340525479
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):954
                                                                                              Entropy (8bit):4.631887382471946
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):899
                                                                                              Entropy (8bit):4.474743599345443
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2230
                                                                                              Entropy (8bit):3.8239097369647634
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1160
                                                                                              Entropy (8bit):5.292894989863142
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3264
                                                                                              Entropy (8bit):3.586016059431306
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3235
                                                                                              Entropy (8bit):3.6081439490236464
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3122
                                                                                              Entropy (8bit):3.891443295908904
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1880
                                                                                              Entropy (8bit):4.295185867329351
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1042
                                                                                              Entropy (8bit):5.3945675025513955
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2535
                                                                                              Entropy (8bit):3.8479764584971368
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1028
                                                                                              Entropy (8bit):4.797571191712988
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):994
                                                                                              Entropy (8bit):4.700308832360794
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                              MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2091
                                                                                              Entropy (8bit):4.358252286391144
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2778
                                                                                              Entropy (8bit):3.595196082412897
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1719
                                                                                              Entropy (8bit):4.287702203591075
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):936
                                                                                              Entropy (8bit):4.457879437756106
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):3830
                                                                                              Entropy (8bit):3.5483353063347587
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                              MD5:342335A22F1886B8BC92008597326B24
                                                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1898
                                                                                              Entropy (8bit):4.187050294267571
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):914
                                                                                              Entropy (8bit):4.513485418448461
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):878
                                                                                              Entropy (8bit):4.4541485835627475
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2766
                                                                                              Entropy (8bit):3.839730779948262
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):978
                                                                                              Entropy (8bit):4.879137540019932
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):907
                                                                                              Entropy (8bit):4.599411354657937
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):914
                                                                                              Entropy (8bit):4.604761241355716
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                              MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):937
                                                                                              Entropy (8bit):4.686555713975264
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                              MD5:BED8332AB788098D276B448EC2B33351
                                                                                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1337
                                                                                              Entropy (8bit):4.69531415794894
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2846
                                                                                              Entropy (8bit):3.7416822879702547
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):934
                                                                                              Entropy (8bit):4.882122893545996
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):963
                                                                                              Entropy (8bit):4.6041913416245
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1320
                                                                                              Entropy (8bit):4.569671329405572
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):884
                                                                                              Entropy (8bit):4.627108704340797
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):980
                                                                                              Entropy (8bit):4.50673686618174
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                              MD5:D0579209686889E079D87C23817EDDD5
                                                                                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1941
                                                                                              Entropy (8bit):4.132139619026436
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1969
                                                                                              Entropy (8bit):4.327258153043599
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1674
                                                                                              Entropy (8bit):4.343724179386811
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                              MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1063
                                                                                              Entropy (8bit):4.853399816115876
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                              MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1333
                                                                                              Entropy (8bit):4.686760246306605
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                              MD5:970963C25C2CEF16BB6F60952E103105
                                                                                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1263
                                                                                              Entropy (8bit):4.861856182762435
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1074
                                                                                              Entropy (8bit):5.062722522759407
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):879
                                                                                              Entropy (8bit):5.7905809868505544
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1205
                                                                                              Entropy (8bit):4.50367724745418
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):843
                                                                                              Entropy (8bit):5.76581227215314
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                              Malicious:false
                                                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):912
                                                                                              Entropy (8bit):4.65963951143349
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                              Malicious:false
                                                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):11280
                                                                                              Entropy (8bit):5.754230909218899
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                                              Malicious:false
                                                                                              Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):854
                                                                                              Entropy (8bit):4.284628987131403
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                              Malicious:false
                                                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):2525
                                                                                              Entropy (8bit):5.417689528134667
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                                              Malicious:false
                                                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:HTML document, ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):97
                                                                                              Entropy (8bit):4.862433271815736
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                              Malicious:false
                                                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (4369)
                                                                                              Category:dropped
                                                                                              Size (bytes):95567
                                                                                              Entropy (8bit):5.4016395763198135
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):291
                                                                                              Entropy (8bit):4.65176400421739
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                              Malicious:false
                                                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              File Type:ASCII text, with very long lines (4369)
                                                                                              Category:dropped
                                                                                              Size (bytes):103988
                                                                                              Entropy (8bit):5.389407461078688
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                                              Malicious:false
                                                                                              Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                              Category:dropped
                                                                                              Size (bytes):453023
                                                                                              Entropy (8bit):7.997718157581587
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                              MD5:85430BAED3398695717B0263807CF97C
                                                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):24
                                                                                              Entropy (8bit):3.91829583405449
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                              Malicious:false
                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):24
                                                                                              Entropy (8bit):3.91829583405449
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                              Malicious:false
                                                                                              Preview:{"schema":6,"addons":[]}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):66
                                                                                              Entropy (8bit):4.837595020998689
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):66
                                                                                              Entropy (8bit):4.837595020998689
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):36830
                                                                                              Entropy (8bit):5.1867463390487
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                              MD5:98875950B62B398FFE70C0A8D0998017
                                                                                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                              Malicious:false
                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):36830
                                                                                              Entropy (8bit):5.1867463390487
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                              MD5:98875950B62B398FFE70C0A8D0998017
                                                                                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                              Malicious:false
                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1021904
                                                                                              Entropy (8bit):6.648417932394748
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1021904
                                                                                              Entropy (8bit):6.648417932394748
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):116
                                                                                              Entropy (8bit):4.968220104601006
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                              Malicious:false
                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):116
                                                                                              Entropy (8bit):4.968220104601006
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                              Malicious:false
                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):11225
                                                                                              Entropy (8bit):5.510774197254429
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:2+nPOeRnHYbBp6RJ0aX+36SEXKKKkHWNBw8rFSl:XPegJUq7PHEwY0
                                                                                              MD5:6D0077E3C6C613A565E6A6407958CF57
                                                                                              SHA1:51CD1C5A590DAEE4FA5F05F51BAC695B01C4D8E9
                                                                                              SHA-256:01B9E969136F854284796F5FA86FF6B1F1B6D3241F1EC94B3C06E7068700356A
                                                                                              SHA-512:EDAD87784143763451968A4D8B61784CAA027A4707E6C2C8DED6C00C10955175CD486F2767BDF51B5F2A5C404EA56C855C4E155AFF449B48FC9C4D6BFB881011
                                                                                              Malicious:false
                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725546203);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725546203);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):11225
                                                                                              Entropy (8bit):5.510774197254429
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:2+nPOeRnHYbBp6RJ0aX+36SEXKKKkHWNBw8rFSl:XPegJUq7PHEwY0
                                                                                              MD5:6D0077E3C6C613A565E6A6407958CF57
                                                                                              SHA1:51CD1C5A590DAEE4FA5F05F51BAC695B01C4D8E9
                                                                                              SHA-256:01B9E969136F854284796F5FA86FF6B1F1B6D3241F1EC94B3C06E7068700356A
                                                                                              SHA-512:EDAD87784143763451968A4D8B61784CAA027A4707E6C2C8DED6C00C10955175CD486F2767BDF51B5F2A5C404EA56C855C4E155AFF449B48FC9C4D6BFB881011
                                                                                              Malicious:false
                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725546203);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725546203);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):493
                                                                                              Entropy (8bit):4.957147243070369
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:YZFgm6ThhJeZZIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YH6ThhUTSlCOlZGV1AQIWZcy6ZXvx
                                                                                              MD5:08E8E884F5EEDAAFBA346F7B9534BD6C
                                                                                              SHA1:B3EDDE60994FF8BC8B93E7B3C1750CBEC46D0AEE
                                                                                              SHA-256:FFF496711D47A776115AE75C80CEA9C761372BF28484F6ACF1B9A4F43E6D951F
                                                                                              SHA-512:9F8C9BF5860911F4EDD03EB17F4657A14361CA659C5B194187FF98B77B2EFC5AF97F04700FC68E8C9253117567101CA545157DF49CD64311FBB57B98AE71ACDF
                                                                                              Malicious:false
                                                                                              Preview:{"type":"health","id":"49409584-9cbe-40a8-9057-948720249a2c","creationDate":"2024-09-05T14:23:55.175Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:modified
                                                                                              Size (bytes):493
                                                                                              Entropy (8bit):4.957147243070369
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:YZFgm6ThhJeZZIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YH6ThhUTSlCOlZGV1AQIWZcy6ZXvx
                                                                                              MD5:08E8E884F5EEDAAFBA346F7B9534BD6C
                                                                                              SHA1:B3EDDE60994FF8BC8B93E7B3C1750CBEC46D0AEE
                                                                                              SHA-256:FFF496711D47A776115AE75C80CEA9C761372BF28484F6ACF1B9A4F43E6D951F
                                                                                              SHA-512:9F8C9BF5860911F4EDD03EB17F4657A14361CA659C5B194187FF98B77B2EFC5AF97F04700FC68E8C9253117567101CA545157DF49CD64311FBB57B98AE71ACDF
                                                                                              Malicious:false
                                                                                              Preview:{"type":"health","id":"49409584-9cbe-40a8-9057-948720249a2c","creationDate":"2024-09-05T14:23:55.175Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):53
                                                                                              Entropy (8bit):4.136624295551173
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                                              Malicious:false
                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                                              Category:dropped
                                                                                              Size (bytes):271
                                                                                              Entropy (8bit):5.489723704860785
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3SIgCIPQvptVngNzdDdCQ:vLz2S+EWDDoWqC5mcPK341PQvpnmd9
                                                                                              MD5:13660CDF9B0FD3047533E898399967C4
                                                                                              SHA1:E608553550CCF81AD57EA29F2D9EC224BA2B833E
                                                                                              SHA-256:B9C82F633EF34D497F1E0C7A758808C463B412707B74B55CED0AD265E544B085
                                                                                              SHA-512:28B9870DE252BAF8D25ABFA06634AE1001086F74C1B3797C7BA0B6434F6903FB553439B626F7FE7D4AA621C64273730F4C35B6CE45E54319BDABCCEC52EF4B9A
                                                                                              Malicious:false
                                                                                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1725546191358,"startTim...#72159,"recentCrashes":0},"global":{},"cookies":[]}
                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Entropy (8bit):6.579609417653527
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                              File name:file.exe
                                                                                              File size:917'504 bytes
                                                                                              MD5:9174e680d1b0ea8cdb3ee932ec2dfc6f
                                                                                              SHA1:49ba7df579d1b30e9c4474ba6733748614ab5c68
                                                                                              SHA256:136d5473ded4b9a2bef3ef6160a377c0965b4e7292fb81980219ef8cc7d96cfd
                                                                                              SHA512:de67a3bbe4a4ebe5bce9e039d9a111ad65885baeb0a8da3412bf8694d1bbfddf39d2175478e69ae36395d5f550c457c899582d7388c0c1a39c0094c3de1f1d0a
                                                                                              SSDEEP:12288:UqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTP:UqDEvCTbMWu7rQYlBQcBiT6rprG8avP
                                                                                              TLSH:5F159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                              Icon Hash:aaf3e3e3938382a0
                                                                                              Entrypoint:0x420577
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x66D9A2D9 [Thu Sep 5 12:23:53 2024 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:5
                                                                                              OS Version Minor:1
                                                                                              File Version Major:5
                                                                                              File Version Minor:1
                                                                                              Subsystem Version Major:5
                                                                                              Subsystem Version Minor:1
                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                              Instruction
                                                                                              call 00007F7CD4552373h
                                                                                              jmp 00007F7CD4551C7Fh
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              push dword ptr [ebp+08h]
                                                                                              mov esi, ecx
                                                                                              call 00007F7CD4551E5Dh
                                                                                              mov dword ptr [esi], 0049FDF0h
                                                                                              mov eax, esi
                                                                                              pop esi
                                                                                              pop ebp
                                                                                              retn 0004h
                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                              mov eax, ecx
                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                                                              mov dword ptr [ecx], 0049FDF0h
                                                                                              ret
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              push dword ptr [ebp+08h]
                                                                                              mov esi, ecx
                                                                                              call 00007F7CD4551E2Ah
                                                                                              mov dword ptr [esi], 0049FE0Ch
                                                                                              mov eax, esi
                                                                                              pop esi
                                                                                              pop ebp
                                                                                              retn 0004h
                                                                                              and dword ptr [ecx+04h], 00000000h
                                                                                              mov eax, ecx
                                                                                              and dword ptr [ecx+08h], 00000000h
                                                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                                                              mov dword ptr [ecx], 0049FE0Ch
                                                                                              ret
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              mov esi, ecx
                                                                                              lea eax, dword ptr [esi+04h]
                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                              and dword ptr [eax], 00000000h
                                                                                              and dword ptr [eax+04h], 00000000h
                                                                                              push eax
                                                                                              mov eax, dword ptr [ebp+08h]
                                                                                              add eax, 04h
                                                                                              push eax
                                                                                              call 00007F7CD4554A1Dh
                                                                                              pop ecx
                                                                                              pop ecx
                                                                                              mov eax, esi
                                                                                              pop esi
                                                                                              pop ebp
                                                                                              retn 0004h
                                                                                              lea eax, dword ptr [ecx+04h]
                                                                                              mov dword ptr [ecx], 0049FDD0h
                                                                                              push eax
                                                                                              call 00007F7CD4554A68h
                                                                                              pop ecx
                                                                                              ret
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              push esi
                                                                                              mov esi, ecx
                                                                                              lea eax, dword ptr [esi+04h]
                                                                                              mov dword ptr [esi], 0049FDD0h
                                                                                              push eax
                                                                                              call 00007F7CD4554A51h
                                                                                              test byte ptr [ebp+08h], 00000001h
                                                                                              pop ecx
                                                                                              Programming Language:
                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | 0b86bf93844112ec489d12613fc5404f | False | 0.28125 | data | 5.161452615375526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Sep 5, 2024 14:31:14.616446972 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.616453886 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.621040106 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.621253967 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.621259928 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.625389099 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.625454903 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.625463009 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.630909920 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.631567955 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.631593943 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.634768009 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.634823084 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.634830952 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.638823986 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.638885021 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.638894081 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.642405987 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.642528057 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.642537117 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.645889044 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.646132946 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.646140099 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.649498940 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.649705887 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.649713039 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.652851105 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.652945042 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.652950048 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.656414986 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.656505108 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.656512022 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.659782887 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.660216093 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.660228968 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.663358927 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.663481951 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.663499117 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.666749954 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.666965961 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.666982889 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.670279980 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.670372963 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.670388937 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.673818111 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.674043894 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.674057007 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.677201986 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.677262068 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.677268028 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.682090044 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.682178020 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.682184935 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.684011936 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.684075117 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.684082031 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.687458992 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.687521935 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.687529087 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.691111088 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.691200018 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.691205978 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.694437981 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.694483995 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.694492102 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.698180914 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.698337078 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.698343039 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.701132059 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.701196909 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.701203108 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.704567909 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.704695940 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.704709053 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.707892895 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.707977057 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.707983017 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.711132050 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.711163044 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.711218119 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.711226940 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.711289883 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.714004040 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.716895103 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.716960907 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.716969013 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.717323065 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.717367887 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:14.717375994 CEST44349720142.250.185.65192.168.2.5
                                                                                              Sep 5, 2024 14:31:14.717483044 CEST49720443192.168.2.5142.250.185.65
                                                                                              Sep 5, 2024 14:31:15.214443922 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.214477062 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.214596033 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.215234995 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.215275049 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.215317011 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.215496063 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.215509892 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.215616941 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.215631962 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.340758085 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.340787888 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.341016054 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.341562986 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.341582060 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.629796982 CEST49732443192.168.2.52.18.97.153
                                                                                              Sep 5, 2024 14:31:15.629839897 CEST443497322.18.97.153192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.629899025 CEST49732443192.168.2.52.18.97.153
                                                                                              Sep 5, 2024 14:31:15.637854099 CEST49732443192.168.2.52.18.97.153
                                                                                              Sep 5, 2024 14:31:15.637872934 CEST443497322.18.97.153192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.638279915 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:15.638314962 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.638390064 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:15.645392895 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:15.645411968 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.697815895 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.698839903 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.698909998 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.698935986 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.699079037 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.699109077 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.700225115 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.700273037 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.700292110 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.700365067 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.704241991 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.704406977 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.704457045 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.704716921 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.704843044 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.704863071 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.744507074 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.813493013 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.813829899 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.814090014 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.820811033 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.820827961 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.821113110 CEST49725443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.821154118 CEST44349725172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.822057009 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.822129965 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.827052116 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.827153921 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.827821016 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.827832937 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.829782963 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.829868078 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.832742929 CEST49727443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:15.832762003 CEST44349727172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.937742949 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:15.937843084 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.938136101 CEST49729443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:31:15.938155890 CEST44349729162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.196367025 CEST49737443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:16.196367025 CEST49738443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:16.196407080 CEST44349737172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.196419001 CEST44349738172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.196494102 CEST49737443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:16.196494102 CEST49738443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:16.199877024 CEST49737443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:16.199877024 CEST49738443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:16.199896097 CEST44349737172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.199911118 CEST44349738172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.281498909 CEST443497322.18.97.153192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.281755924 CEST49732443192.168.2.52.18.97.153
                                                                                              Sep 5, 2024 14:31:16.307473898 CEST49732443192.168.2.52.18.97.153
                                                                                              Sep 5, 2024 14:31:16.307504892 CEST443497322.18.97.153192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.307919025 CEST443497322.18.97.153192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.410270929 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:16.410532951 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:16.507179022 CEST49732443192.168.2.52.18.97.153
                                                                                              Sep 5, 2024 14:31:16.540498972 CEST49732443192.168.2.52.18.97.153
                                                                                              Sep 5, 2024 14:31:18.801628113 CEST4434974713.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.801636934 CEST4434974713.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.801645041 CEST4434974713.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.801671028 CEST4434974713.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.801681995 CEST4434974713.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.802846909 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.802853107 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.802876949 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.802886009 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.802889109 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.802900076 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.806087971 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.806102037 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.806123972 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.808331013 CEST49747443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.809904099 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.809930086 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.809951067 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.809967041 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.809981108 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.810318947 CEST49747443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.810326099 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.810338020 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.810348988 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.810367107 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.810374022 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.814402103 CEST49747443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.814456940 CEST49747443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.815500021 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.815521002 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.815532923 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.815562010 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.825330973 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.825351000 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.825362921 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.825381041 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.825400114 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.827322006 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.835920095 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.840918064 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.844880104 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.844955921 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.892780066 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.892807007 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.893098116 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.893177032 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.893707037 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.893724918 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.894382954 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.894401073 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.894799948 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.894881964 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.898293972 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.898344040 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.898463011 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.898479939 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.901201963 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.901218891 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.905903101 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.908431053 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.911125898 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:18.911143064 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.911545992 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.923582077 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.932456970 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.952436924 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.965713978 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.965729952 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.965857029 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.966336012 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.967674971 CEST49751443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:18.967705011 CEST44349751142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.968024969 CEST49752443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:18.968034029 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.968882084 CEST49751443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:18.968960047 CEST49752443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:18.969155073 CEST49752443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:18.969183922 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.969279051 CEST49751443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:18.969291925 CEST44349751142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.972572088 CEST49747443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:18.972594976 CEST4434974713.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.977951050 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.977977037 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.985168934 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.985214949 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.985691071 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.985713005 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.985841990 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.985861063 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.986030102 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.986078978 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.986124992 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:18.993058920 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.003947020 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.003977060 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.004015923 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.005996943 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.006138086 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.006138086 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.006156921 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.006211042 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.006237984 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.030725956 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.036856890 CEST49748443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.036871910 CEST4434974813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.081254005 CEST49753443192.168.2.5142.251.35.164
                                                                                              Sep 5, 2024 14:31:19.081299067 CEST44349753142.251.35.164192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.081407070 CEST49753443192.168.2.5142.251.35.164
                                                                                              Sep 5, 2024 14:31:19.082246065 CEST49753443192.168.2.5142.251.35.164
                                                                                              Sep 5, 2024 14:31:19.082257986 CEST44349753142.251.35.164192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.115098953 CEST49755443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.115145922 CEST4434975513.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.129637003 CEST49755443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.145880938 CEST49755443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.145905018 CEST4434975513.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.261346102 CEST4975680192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:19.266282082 CEST804975634.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.267710924 CEST4975680192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:19.268112898 CEST4975680192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:19.272912025 CEST804975634.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.348014116 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.348109961 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.353399038 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.359184980 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.359184980 CEST49733443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.359210014 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.359220982 CEST4434973340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.419465065 CEST49757443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.419512987 CEST4434975740.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.427119017 CEST49757443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.437134027 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.437793016 CEST49757443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:19.437818050 CEST4434975740.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.438280106 CEST49752443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:19.438294888 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.438718081 CEST49758443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.438750982 CEST4434975813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.438756943 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.439013958 CEST49759443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.439049006 CEST4434975913.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.439210892 CEST49760443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.439258099 CEST4434976013.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.439506054 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.441370010 CEST49761443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.441411018 CEST4434976113.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.441575050 CEST49762443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.441582918 CEST4434976213.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.444498062 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.445123911 CEST49758443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445231915 CEST49760443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445241928 CEST49752443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:19.445242882 CEST49759443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445503950 CEST49752443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:19.445503950 CEST49761443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445677042 CEST49762443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445724010 CEST49760443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445735931 CEST4434976013.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.445873022 CEST49759443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445892096 CEST4434975913.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.445964098 CEST49758443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.445976019 CEST4434975813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.446255922 CEST49752443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:19.446346998 CEST44349752142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.446371078 CEST49761443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.446388960 CEST4434976113.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.446511030 CEST49762443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:19.446521044 CEST4434976213.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.458734989 CEST44349751142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.461673975 CEST49751443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:19.461688995 CEST44349751142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:19.462184906 CEST44349751142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.187813044 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:21.187829018 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.224512100 CEST4434976913.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.228498936 CEST4434977013.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.228509903 CEST4434977213.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.232496977 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.271127939 CEST4434975740.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.271218061 CEST4434975740.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.278714895 CEST4434976913.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.278798103 CEST4434976913.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.281517982 CEST49769443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.281519890 CEST49757443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:21.288213968 CEST4434977013.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.288499117 CEST4434977013.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.289038897 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.289061069 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.289778948 CEST4434977213.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.289861917 CEST4434977213.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.296277046 CEST49772443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.296308994 CEST49770443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.296407938 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.296441078 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.296485901 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.298242092 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.299329996 CEST49772443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.364901066 CEST49757443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:21.364938021 CEST4434975740.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.364950895 CEST49757443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:21.364959955 CEST4434975740.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.379440069 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.379452944 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.379488945 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.379512072 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.379519939 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.379529953 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.381237984 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.381246090 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.381268978 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.381277084 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.381282091 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.381295919 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.382559061 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.397562027 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.397578001 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.401607037 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.469371080 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.469383955 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.469434977 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.469961882 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.469973087 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.470005035 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.470488071 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.470586061 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.471899033 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.475965977 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.496077061 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.591140032 CEST49772443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.591178894 CEST4434977213.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.591686010 CEST49770443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.591691971 CEST4434977013.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.591931105 CEST49769443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.591936111 CEST4434976913.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.607862949 CEST49768443192.168.2.513.107.246.40
                                                                                              Sep 5, 2024 14:31:21.607882977 CEST4434976813.107.246.40192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.767333031 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.770071983 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:21.770092964 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.771203995 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.771321058 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:21.772461891 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:21.772559881 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.772641897 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:21.816499949 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.980513096 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:21.992147923 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:22.064630032 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.064693928 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.064701080 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.064743996 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.064760923 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.064771891 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.064781904 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:22.065351963 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:22.065936089 CEST49773443192.168.2.5152.195.19.97
                                                                                              Sep 5, 2024 14:31:22.065953016 CEST44349773152.195.19.97192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.074054003 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:22.074078083 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.074202061 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:22.075292110 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:22.075305939 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.478476048 CEST49777443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.478496075 CEST44349777172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.478866100 CEST49778443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.478878021 CEST44349778172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.482834101 CEST49777443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.482834101 CEST49778443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.483675957 CEST49778443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.483691931 CEST44349778172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.483721018 CEST49777443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.483728886 CEST44349777172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.639245987 CEST4434976340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.639275074 CEST4434976340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.639306068 CEST4434976340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.639534950 CEST49763443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:22.639554977 CEST4434976340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.639756918 CEST49763443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:22.640944958 CEST49763443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:22.640944958 CEST49763443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:22.640975952 CEST4434976340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.640985966 CEST4434976340.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.724602938 CEST49703443192.168.2.523.1.237.91
                                                                                              Sep 5, 2024 14:31:22.724725008 CEST49703443192.168.2.523.1.237.91
                                                                                              Sep 5, 2024 14:31:22.729497910 CEST4434970323.1.237.91192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.729513884 CEST4434970323.1.237.91192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.749260902 CEST49779443192.168.2.523.1.237.91
                                                                                              Sep 5, 2024 14:31:22.749310970 CEST4434977923.1.237.91192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.749713898 CEST49779443192.168.2.523.1.237.91
                                                                                              Sep 5, 2024 14:31:22.750843048 CEST49779443192.168.2.523.1.237.91
                                                                                              Sep 5, 2024 14:31:22.750855923 CEST4434977923.1.237.91192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.834125996 CEST49780443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:22.834188938 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.834260941 CEST49780443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:22.834453106 CEST49780443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:22.834470034 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.873691082 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.873764038 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:22.875622988 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:22.875636101 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.875929117 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.939258099 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:22.941450119 CEST44349778172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.941797018 CEST49778443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.941808939 CEST44349778172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.942173958 CEST44349778172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.943350077 CEST49778443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.943432093 CEST44349778172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.944236994 CEST44349777172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.944451094 CEST49777443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.944459915 CEST44349777172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.944818974 CEST44349777172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.945302963 CEST49777443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.945358992 CEST44349777172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.980499983 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.991647005 CEST49777443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:23.007114887 CEST49778443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:23.203275919 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.203294039 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.203301907 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.203315020 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.203322887 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.203329086 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.203381062 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:23.203397036 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.203493118 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:23.204163074 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.204257011 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.204497099 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:23.215260029 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:23.215295076 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.215308905 CEST49775443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:23.215315104 CEST4434977520.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.335907936 CEST4434977923.1.237.91192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.335989952 CEST49779443192.168.2.523.1.237.91
                                                                                              Sep 5, 2024 14:31:23.601669073 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.602189064 CEST49780443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:23.602209091 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.605645895 CEST49780443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:23.605655909 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.639961958 CEST49780443192.168.2.540.126.31.69
                                                                                              Sep 5, 2024 14:31:23.640002012 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:24.485416889 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:24.485443115 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:24.485481977 CEST4434978040.126.31.69192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.429724932 CEST4434979152.222.236.23192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.436500072 CEST4434979152.222.236.23192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.440160990 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.440213919 CEST4434979435.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.442584038 CEST49791443192.168.2.552.222.236.23
                                                                                              Sep 5, 2024 14:31:46.442584038 CEST49791443192.168.2.552.222.236.23
                                                                                              Sep 5, 2024 14:31:46.442584038 CEST49791443192.168.2.552.222.236.23
                                                                                              Sep 5, 2024 14:31:46.442619085 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.443033934 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.443048000 CEST4434979435.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.452511072 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.453872919 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.453919888 CEST4434979535.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.454015970 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.454123020 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.454142094 CEST4434979535.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.457304955 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.461270094 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.461292982 CEST4434979635.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.461378098 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.461464882 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.461472988 CEST4434979635.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.547333002 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.548151970 CEST4979380192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.551464081 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.556302071 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.556376934 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.556524992 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.561485052 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.595146894 CEST804979334.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.596224070 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.640414953 CEST804979334.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.640505075 CEST4979380192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.898155928 CEST4434979435.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.902370930 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.905421019 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.905435085 CEST4434979435.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.905736923 CEST4434979435.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.907835960 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.907974958 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.908056974 CEST4434979435.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.908099890 CEST49794443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.910254002 CEST4434979535.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.910641909 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.913665056 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.913688898 CEST4434979535.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.913800955 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:46.913980961 CEST4434979535.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.916728973 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.916807890 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.916929960 CEST4434979535.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.918438911 CEST49795443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.919553041 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.923051119 CEST4434979635.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.923157930 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.925580978 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.925590038 CEST4434979635.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.925843954 CEST4434979635.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.928575039 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.928642035 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:46.928759098 CEST4434979635.244.181.201192.168.2.5
                                                                                              Sep 5, 2024 14:31:46.929424047 CEST49796443192.168.2.535.244.181.201
                                                                                              Sep 5, 2024 14:31:47.008918047 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:47.008935928 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:47.014643908 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:47.019593954 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:47.059957027 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:47.110061884 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:47.160340071 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:57.025456905 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:57.030344009 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:57.125850916 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:31:57.131638050 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:31:59.928324938 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:59.928355932 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:31:59.928442955 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:59.928774118 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:31:59.928782940 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:00.713922024 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:00.714083910 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:00.715356112 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:00.715368032 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:00.715702057 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:00.717192888 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:00.760498047 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.316898108 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.316930056 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.316950083 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.317034960 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:01.317064047 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.317075968 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.317085981 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:01.317135096 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:01.317153931 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.317154884 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:01.317198038 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:01.320631027 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:01.320664883 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:01.320679903 CEST49799443192.168.2.520.114.59.183
                                                                                              Sep 5, 2024 14:32:01.320686102 CEST4434979920.114.59.183192.168.2.5
                                                                                              Sep 5, 2024 14:32:07.041446924 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:32:07.147120953 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:32:08.048376083 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:32:08.148833990 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:32:09.057811022 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:32:09.057821989 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:32:09.317332983 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:32:09.317346096 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:32:10.119781971 CEST49778443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:10.119811058 CEST44349778172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:10.119829893 CEST49777443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:10.119837046 CEST44349777172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:16.788948059 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:16.789002895 CEST4434980134.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:16.790014982 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:16.790036917 CEST4434980234.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:16.791683912 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:16.791824102 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:16.791824102 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:16.791851997 CEST4434980134.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:16.791987896 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:16.792000055 CEST4434980234.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.262979984 CEST4434980134.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.263051033 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.267379045 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.267396927 CEST4434980134.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.267782927 CEST4434980134.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.270286083 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.270452023 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.270509005 CEST4434980134.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.270601988 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.270634890 CEST49801443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.278687000 CEST4434980234.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.278969049 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.282068968 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.282088995 CEST4434980234.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.282361031 CEST4434980234.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.284933090 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.285032988 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.285129070 CEST4434980234.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.285187960 CEST49802443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.480300903 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:32:17.485124111 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.559628010 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.559684038 CEST4434980334.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.560185909 CEST49804443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.560210943 CEST4434980434.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.560504913 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.560626030 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.560632944 CEST49804443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.560652018 CEST4434980334.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.560726881 CEST49804443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.560750961 CEST4434980434.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.574135065 CEST49805443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.574172020 CEST4434980534.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.574237108 CEST49805443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.574374914 CEST49805443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:17.574387074 CEST4434980534.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.579765081 CEST804979234.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.622330904 CEST4979280192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:32:18.024344921 CEST4979780192.168.2.534.107.221.82
                                                                                              Sep 5, 2024 14:32:18.031439066 CEST804979734.107.221.82192.168.2.5
                                                                                              Sep 5, 2024 14:32:18.035864115 CEST4434980334.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:18.035932064 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:18.039628029 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:18.039639950 CEST4434980334.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:18.039984941 CEST4434980334.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:18.042675018 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:18.042767048 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:18.042922020 CEST4434980334.120.208.123192.168.2.5
                                                                                              Sep 5, 2024 14:32:18.043138981 CEST49803443192.168.2.534.120.208.123
                                                                                              Sep 5, 2024 14:32:18.046740055 CEST4434980434.120.208.123192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Sep 5, 2024 14:31:22.477701902 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.791291952 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.930818081 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.930875063 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.931144953 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.931165934 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.931179047 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:22.931411982 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.933197975 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.933341980 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.933585882 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:22.933705091 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:23.031001091 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.031075954 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.031086922 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.031096935 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.031639099 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:23.031785965 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:23.031903982 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.032774925 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.033442974 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.033648968 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:23.129504919 CEST44362539172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:31:23.161179066 CEST62539443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:31:26.990864992 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:26.992189884 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:27.830512047 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.830540895 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.830698013 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.831302881 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:27.831510067 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:27.831866980 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:27.831866980 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:27.930093050 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.931210995 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.931318998 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.931694031 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:27.983566046 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.984344006 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:27.986465931 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:28.021832943 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:28.110181093 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.322469950 CEST5761953192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.330091953 CEST53576191.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.331146955 CEST5937153192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.332602978 CEST5465953192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.339097023 CEST53593711.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.339777946 CEST5294353192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.341106892 CEST53546591.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.341634989 CEST5520153192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.346632004 CEST53529431.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.348347902 CEST53552011.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.644339085 CEST5627053192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.651422977 CEST53562701.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.652791977 CEST6285253192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.660957098 CEST53628521.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.661566019 CEST5794653192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:45.668610096 CEST53579461.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:31:45.807794094 CEST6177753192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:31:48.171822071 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:48.252531052 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:48.295562983 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:48.297172070 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:48.297600031 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:48.301697016 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:48.334197044 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:48.377063990 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:48.379966021 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:48.380537987 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:48.382116079 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:48.418756962 CEST58579443192.168.2.5142.250.65.174
                                                                                              Sep 5, 2024 14:31:48.424726963 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:31:48.505256891 CEST44358579142.250.65.174192.168.2.5
                                                                                              Sep 5, 2024 14:32:14.427546024 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:14.427771091 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:14.427957058 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:14.428160906 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:14.991177082 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:14.992506027 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:14.993194103 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:15.029537916 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:15.087311029 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.087327003 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.087336063 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.087346077 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.087790966 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:15.087865114 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:15.182609081 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.183370113 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:15.278419018 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.279282093 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.280071020 CEST44349362172.64.41.3192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.280330896 CEST49362443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:32:15.281572104 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:15.588378906 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:15.734874964 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.737657070 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.737677097 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.737694025 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.737730026 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.738286972 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:15.741426945 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:15.741575956 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:15.853657007 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.853703022 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.853713989 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.853724003 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.853734016 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:15.854252100 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:15.854499102 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:15.953514099 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:16.790663004 CEST6083753192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:32:16.798422098 CEST53608371.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:32:16.799101114 CEST6132353192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:32:16.807131052 CEST53613231.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:32:17.480218887 CEST6550653192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:32:18.295732021 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:18.297012091 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:18.995717049 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:19.781609058 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.782695055 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.784163952 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.784209967 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.784218073 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.784331083 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.784502983 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:19.785487890 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:19.884887934 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.884900093 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:19.885298967 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:19.909413099 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:20.003673077 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:20.258097887 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:20.258135080 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:20.258261919 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:20.258905888 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:20.296829939 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:20.319581985 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:20.320028067 CEST62216443192.168.2.564.233.180.84
                                                                                              Sep 5, 2024 14:32:20.394623995 CEST4436221664.233.180.84192.168.2.5
                                                                                              Sep 5, 2024 14:32:35.854770899 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:35.888689995 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:36.371079922 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:32:36.405198097 CEST52421443192.168.2.523.59.250.72
                                                                                              Sep 5, 2024 14:32:45.896843910 CEST4435242123.59.250.72192.168.2.5
                                                                                              Sep 5, 2024 14:33:11.885484934 CEST6489853192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:33:11.885696888 CEST6361253192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:33:11.892602921 CEST53636121.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:33:11.892676115 CEST53648981.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:33:11.897384882 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:11.897537947 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:11.897819996 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:11.897916079 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:12.338416100 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.339224100 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:12.369786978 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:12.433048964 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.433126926 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.433140039 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.433151960 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.433506012 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:12.433563948 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:12.527326107 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.527646065 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:12.622225046 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.622900963 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.623034954 CEST44354821162.159.61.3192.168.2.5
                                                                                              Sep 5, 2024 14:33:12.623454094 CEST54821443192.168.2.5162.159.61.3
                                                                                              Sep 5, 2024 14:33:14.144351006 CEST5748453192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:33:14.144443035 CEST5421853192.168.2.51.1.1.1
                                                                                              Sep 5, 2024 14:33:14.151952028 CEST53574841.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:33:14.151976109 CEST53542181.1.1.1192.168.2.5
                                                                                              Sep 5, 2024 14:33:14.152899981 CEST50651443192.168.2.5172.64.41.3
                                                                                              Sep 5, 2024 14:33:14.152985096 CEST50651443192.168.2.5172.64.41.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49745 | 34.107.221.82 | 80 | 1816 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 5, 2024 14:31:17.171943903 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                               Sep 5, 2024 14:31:17.621196985 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23043
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:31:27.642324924 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:31:37.850349903 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:


                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                               1 | 192.168.2.5 | 49756 | 34.107.221.82 | 80 | 1816 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                               Sep 5, 2024 14:31:19.268112898 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
                                                                                               Sep 5, 2024 14:31:19.722003937 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Wed, 04 Sep 2024 18:31:46 GMT
                                                                                              Age: 64773
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
                                                                                               Sep 5, 2024 14:31:29.728250980 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:31:39.738941908 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:


                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                               2 | 192.168.2.5 | 49792 | 34.107.221.82 | 80 | 1816 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                               Sep 5, 2024 14:31:45.822501898 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                               Sep 5, 2024 14:31:46.267205000 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23072
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:31:46.452511072 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                               Sep 5, 2024 14:31:46.547333002 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23072
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:31:46.913800955 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                               Sep 5, 2024 14:31:47.008918047 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23072
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:31:57.025456905 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:32:07.041446924 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:32:08.048376083 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:32:17.480300903 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                               Sep 5, 2024 14:32:17.579765081 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23103
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:32:18.241823912 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Connection: keep-alive
                                                                                               Sep 5, 2024 14:32:19.333821058 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23104
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:32:19.334191084 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23104
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:32:19.334420919 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23104
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:32:19.334898949 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 90
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 06:07:14 GMT
                                                                                              Age: 23104
                                                                                              Content-Type: text/html
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                               Sep 5, 2024 14:32:29.339152098 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:32:39.351589918 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:32:49.378036022 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:32:59.393095016 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:
                                                                                               Sep 5, 2024 14:33:09.413958073 CEST | 6 | OUT | Data Raw: 00
                                                                                               Data Ascii:


                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                               3 | 192.168.2.5 | 49793 | 34.107.221.82 | 80 | 1816 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                               Sep 5, 2024 14:31:46.278476000 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache


                                                                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                               4 | 192.168.2.5 | 49797 | 34.107.221.82 | 80 | 1816 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                               Timestamp | Bytes transferred | Direction | Data
                                                                                               Sep 5, 2024 14:31:46.556524992 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
                                                                                               Sep 5, 2024 14:31:47.008935928 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 14781
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
                                                                                               Sep 5, 2024 14:31:47.014643908 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 14:31:47.110061884 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 14782
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 14:31:57.125850916 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 14:32:07.147120953 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 14:32:08.148833990 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 14:32:18.024344921 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 14:32:18.123671055 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 14813
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 14:32:19.586798906 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                              Host: detectportal.firefox.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              Connection: keep-alive
                                                                                              Pragma: no-cache
                                                                                              Cache-Control: no-cache
Sep 5, 2024 14:32:19.682519913 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Length: 8
                                                                                              Via: 1.1 google
                                                                                              Date: Thu, 05 Sep 2024 08:25:25 GMT
                                                                                              Age: 14814
                                                                                              Content-Type: text/plain
                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                              Data Ascii: success
Sep 5, 2024 14:32:29.696553946 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 14:32:39.714960098 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 14:32:49.721178055 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 14:32:59.738333941 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 5, 2024 14:33:09.746057034 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49714 | 94.245.104.56 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:11 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                                                              Host: api.edgeoffer.microsoft.com
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:11 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                              Content-Length: 0
                                                                                              Connection: close
                                                                                              Content-Type: application/x-protobuf; charset=utf-8
                                                                                              Date: Thu, 05 Sep 2024 12:31:11 GMT
                                                                                              Server: Microsoft-IIS/10.0
                                                                                              Set-Cookie: ARRAffinity=f2b01b5aff47b6a2e38f49356d115a0807f0755dfea9b74b73454039d08ab076;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                              Set-Cookie: ARRAffinitySameSite=f2b01b5aff47b6a2e38f49356d115a0807f0755dfea9b74b73454039d08ab076;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                              Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                                                              X-Powered-By: ASP.NET


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49720 | 142.250.185.65 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:14 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                                              Host: clients2.googleusercontent.com
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:14 UTC | 566 | IN | HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 135751
                                                                                              X-GUploader-UploadID: AD-8ljtu1zJSQ3bHL5GAb9wOuCbd34RY1JORtYlgFjvfcHqyP2BQ8b0y-u3dusruu0DbhH1wtUI
                                                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                                                              Server: UploadServer
                                                                                              Date: Wed, 04 Sep 2024 19:26:09 GMT
                                                                                              Expires: Thu, 04 Sep 2025 19:26:09 GMT
                                                                                              Cache-Control: public, max-age=31536000
                                                                                              Age: 61505
                                                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                                              Content-Type: application/x-chrome-extension
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49727 | 172.64.41.3 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:15 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
                                                                                              2024-09-05 12:31:15 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: wwwgstaticcom)TP
2024-09-05 12:31:15 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 12:31:15 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be63c3b9b780cb2-EWR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              2024-09-05 12:31:15 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ad 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: wwwgstaticcom#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49725 | 172.64.41.3 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:15 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
2024-09-05 12:31:15 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-09-05 12:31:15 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 12:31:15 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be63c3b8fe143a9-EWR
                                                                                              alt-svc: h3=":443"; ma=86400
2024-09-05 12:31:15 UTC | 468 | IN | Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49729 | 162.159.61.3 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:15 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                              Host: chrome.cloudflare-dns.com
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 128
                                                                                              Accept: application/dns-message
                                                                                              Accept-Language: *
                                                                                              User-Agent: Chrome
                                                                                              Accept-Encoding: identity
                                                                                              Content-Type: application/dns-message
2024-09-05 12:31:15 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-09-05 12:31:15 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                              Server: cloudflare
                                                                                              Date: Thu, 05 Sep 2024 12:31:15 GMT
                                                                                              Content-Type: application/dns-message
                                                                                              Connection: close
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Content-Length: 468
                                                                                              CF-RAY: 8be63c3c4ab8426b-EWR
                                                                                              alt-svc: h3=":443"; ma=86400
2024-09-05 12:31:15 UTC | 468 | IN | Data Ascii: wwwgstaticcom c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49732 | 2.18.97.153 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:16 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              Accept-Encoding: identity
                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                              Host: fs.microsoft.com
2024-09-05 12:31:16 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                              Content-Type: application/octet-stream
                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Server: ECAcc (lpl/EF70)
                                                                                              X-CID: 11
                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                              X-Ms-Region: prod-weu-z1
                                                                                              Cache-Control: public, max-age=101644
                                                                                              Date: Thu, 05 Sep 2024 12:31:16 GMT
                                                                                              Connection: close
                                                                                              X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49746 | 142.251.40.174 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:17 UTC | 1079 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=403473328&timestamp=1725539476166 HTTP/1.1
                                                                                              Host: accounts.youtube.com
                                                                                              Connection: keep-alive
                                                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                              sec-ch-ua-mobile: ?0
                                                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                                                              sec-ch-ua-arch: "x86"
                                                                                              sec-ch-ua-platform: "Windows"
                                                                                              sec-ch-ua-platform-version: "10.0.0"
                                                                                              sec-ch-ua-model: ""
                                                                                              sec-ch-ua-bitness: "64"
                                                                                              sec-ch-ua-wow64: ?0
                                                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                                              Upgrade-Insecure-Requests: 1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Sec-Fetch-Site: cross-site
                                                                                              Sec-Fetch-Mode: navigate
                                                                                              Sec-Fetch-Dest: iframe
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:17 UTC | 1962 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                                                              Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-uQgq_9bRQqvg3TUIbfIEQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 05 Sep 2024 12:31:17 GMT
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjMtDikmLw1ZBikPj6kkkLiJ3SZ7CGAHHSv_OsJUC8JOIi65HEi6yXuy-xXgdiIR6OqSefbWMT-PBwST-zkl5SfmF8ZkpqXklmSWVKfm5iZl5yfn52ZmpxcWpRWWpRvJGBkYmBpYGhnoFFfIEBALe7K4c"
                                                                                              Server: ESF
                                                                                              X-XSS-Protection: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Accept-Ranges: none
                                                                                              Vary: Accept-Encoding
                                                                                              Connection: close
                                                                                              Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49744 | 2.18.97.153 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:18 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              Accept-Encoding: identity
                                                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                              Range: bytes=0-2147483646
                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                              Host: fs.microsoft.com
2024-09-05 12:31:18 UTC | 535 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: application/octet-stream
                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                              ApiVersion: Distribute 1.1
                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                              X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                                                                              Cache-Control: public, max-age=101696
                                                                                              Date: Thu, 05 Sep 2024 12:31:18 GMT
                                                                                              Content-Length: 55
                                                                                              Connection: close
                                                                                              X-CID: 2
2024-09-05 12:31:18 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49749 | 142.250.65.174 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:18 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Host: play.google.com
                                                                                              Connection: keep-alive
                                                                                              Accept: */*
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: x-goog-authuser
                                                                                              Origin: https://accounts.google.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Sec-Fetch-Mode: cors
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Dest: empty
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:18 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                              Access-Control-Max-Age: 86400
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Date: Thu, 05 Sep 2024 12:31:18 GMT
                                                                                              Server: Playlog
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49750 | 142.250.65.174 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:18 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                              Host: play.google.com
                                                                                              Connection: keep-alive
                                                                                              Accept: */*
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: x-goog-authuser
                                                                                              Origin: https://accounts.google.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              Sec-Fetch-Mode: cors
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Dest: empty
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:18 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                              Access-Control-Max-Age: 86400
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Date: Thu, 05 Sep 2024 12:31:18 GMT
                                                                                              Server: Playlog
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49747 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:18 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                                                              Sec-Mesh-Client-OS: Windows
                                                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                              Sec-Mesh-Client-Arch: x86_64
                                                                                              Sec-Mesh-Client-WebView: 0
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:18 UTC | 583 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:18 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 70207
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip
                                                                                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                                              ETag: 0x8DCB31E67C22927
                                                                                              x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123118Z-16579567576ztstdfgdnkw0mpw0000000cdg00000000nh54
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49748 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:18 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: Shoreline
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:18 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:18 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 306698
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip
                                                                                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                              ETag: 0x8DBC9B5C40EBFF4
                                                                                              x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123118Z-16579567576rhxz5kgqdm3tfq00000000cfg00000000afvw
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes
                                                                                              Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
                                                                                              2024-09-05 12:31:18 UTC16384INData Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40
                                                                                              Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@
                                                                                              2024-09-05 12:31:18 UTC16384INData Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6
                                                                                              Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49733 | 40.126.31.69 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:18 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 3592
                                                                                              Host: login.live.com
2024-09-05 12:31:18 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:19 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:19 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C555_SN1
                                                                                              x-ms-request-id: a37e89b3-2312-4eda-9c13-0c32a6326a24
                                                                                              PPServer: PPV: 30 H: SN1PEPF0002FA22 V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:18 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 1276
2024-09-05 12:31:19 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49753 | 142.251.35.164 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:19 UTC | 881 | OUT | GET /favicon.ico HTTP/1.1
                                                                                              Host: www.google.com
                                                                                              Connection: keep-alive
                                                                                              sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                              sec-ch-ua-mobile: ?0
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                              sec-ch-ua-arch: "x86"
                                                                                              sec-ch-ua-full-version: "117.0.5938.132"
                                                                                              sec-ch-ua-platform-version: "10.0.0"
                                                                                              sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                                              sec-ch-ua-bitness: "64"
                                                                                              sec-ch-ua-model: ""
                                                                                              sec-ch-ua-wow64: ?0
                                                                                              sec-ch-ua-platform: "Windows"
                                                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                              Sec-Fetch-Site: same-site
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: image
                                                                                              Referer: https://accounts.google.com/
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:19 UTC | 705 | IN | HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                              Content-Length: 5430
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Server: sffe
                                                                                              X-XSS-Protection: 0
                                                                                              Date: Thu, 05 Sep 2024 11:55:59 GMT
                                                                                              Expires: Fri, 13 Sep 2024 11:55:59 GMT
                                                                                              Cache-Control: public, max-age=691200
                                                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                              Content-Type: image/x-icon
                                                                                              Vary: Accept-Encoding
                                                                                              Age: 2120
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49760 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:20 UTC | 438 | OUT | GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:20 UTC | 522 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:20 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1579
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                                                              ETag: 0x8DBDCB5DE99522A
                                                                                              x-ms-request-id: ad365aed-b01e-003a-593a-ff2ba4000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123120Z-16579567576h9nndaeer0cv35w0000000cb00000000043q5
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49759 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:20 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:20 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:20 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1966
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                              ETag: 0x8DBDCB5EC122A94
                                                                                              x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123120Z-165795675762h26c6ze2t4q7600000000cbg00000000m1ps
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49761 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:20 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 12:31:20 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:20 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1751
                                                                                              Connection: close
                                                                                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                              ETag: 0x8DBCEA8D5AACC85
                                                                                              x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123120Z-165795675767jvm9z21nmtw4wn0000000c8g00000000498s
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              17 | 192.168.2.5 | 49762 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 12:31:20 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 12:31:20 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:20 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 2008
                                                                                              Connection: close
                                                                                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                              ETag: 0x8DBC9B5C0C17219
                                                                                              x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123120Z-165795675762h26c6ze2t4q7600000000cc000000000kf2a
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              18 | 192.168.2.5 | 49758 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 12:31:20 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 12:31:20 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:20 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1427
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                              ETag: 0x8DBDCB5EF021F8E
                                                                                              x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123120Z-16579567576phhfj0h0z9mnmag0000000c900000000097tn
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              19 | 192.168.2.5 | 49763 | 40.126.31.69 | 443
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 12:31:20 UTC | 446 | OUT | POST /ppsecure/deviceaddcredential.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 7642
                                                                                              Host: login.live.com
                                                                                              Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02lpbtnplosbmipd</Membername><Password>MZkjjy8Mi)fzGmSDC=?o</Password></Authentication><OldMembername>02vnquskfpppcivc</OldM
                                                                                              2024-09-05 12:31:22 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: text/xml
                                                                                              Expires: Thu, 05 Sep 2024 12:30:20 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C542_SN1
                                                                                              x-ms-request-id: 4a2613c9-c952-472b-8acf-4ad297cb703f
                                                                                              PPServer: PPV: 30 H: SN1PEPF0002F18A V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:21 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 17166
                                                                                              Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018800F4EADCFE8</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="716ec286-3840-4455-8e5f-b00d391d0f6e" LicenseID="3252b20c-d425-4711
                                                                                              Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              20 | 192.168.2.5 | 49757 | 40.126.31.69 | 443
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 12:31:21 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 3592
                                                                                              Host: login.live.com
                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                              2024-09-05 12:31:21 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:21 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C555_BL2
                                                                                              x-ms-request-id: d34d8915-78e3-4a5c-955b-003b6ede9ad5
                                                                                              PPServer: PPV: 30 H: BL02EPF0001D7BC V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:20 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 1276
                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              21 | 192.168.2.5 | 49769 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-09-05 12:31:21 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                              2024-09-05 12:31:21 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:21 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 2229
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                              ETag: 0x8DBD59359A9E77B
                                                                                              x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123121Z-16579567576rhxz5kgqdm3tfq00000000cdg00000000fn2t
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 0
                                                                                              X-Cache-Info: L1_T2
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49772 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:21 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:21 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:21 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1154
                                                                                              Connection: close
                                                                                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                                              ETag: 0x8DBD5935D5B3965
                                                                                              x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123121Z-16579567576fh7f86y3uqsyhx00000000c5g00000000kzdx
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              X-Cache-Info: L1_T2
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49770 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:21 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:21 UTC | 522 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:21 GMT
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 1468
                                                                                              Connection: close
                                                                                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                                              ETag: 0x8DBDCB5E23DFC43
                                                                                              x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123121Z-16579567576gnfmq2acf56mm700000000cag000000005rpq
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49768 | 13.107.246.40 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:21 UTC | 478 | OUT | GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                                                              Host: edgeassetservice.azureedge.net
                                                                                              Connection: keep-alive
                                                                                              Edge-Asset-Group: ProductCategories
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:21 UTC | 538 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 05 Sep 2024 12:31:21 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 82989
                                                                                              Connection: close
                                                                                              Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                                                              ETag: 0x8DB5D5E89CE25EB
                                                                                              x-ms-request-id: 6fdf05a2-e01e-000b-5f3a-ff7073000000
                                                                                              x-ms-version: 2009-09-19
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              x-azure-ref: 20240905T123121Z-16579567576w5bqfyu10zdac7g0000000c4000000000e2hp
                                                                                              Cache-Control: public, max-age=604800
                                                                                              x-fd-int-roxy-purgeid: 69316365
                                                                                              X-Cache: TCP_HIT
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49773 | 152.195.19.97 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:21 UTC | 614 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726144273&P2=404&P3=2&P4=gRzw0TlO28v3xn3M7ZJhhK0eBAMU0JhFJIg7WN8JZ5MTymrQli7NI%2bsdHZx608dhOnKfPCyJKrT9LBIEthiwCg%3d%3d HTTP/1.1
                                                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                              Connection: keep-alive
                                                                                              MS-CV: 3Al34tMPCy06pq6FBnsh7y
                                                                                              Sec-Fetch-Site: none
                                                                                              Sec-Fetch-Mode: no-cors
                                                                                              Sec-Fetch-Dest: empty
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:31:22 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 5466012
                                                                                              Cache-Control: public, max-age=17280000
                                                                                              Content-Type: application/x-chrome-extension
                                                                                              Date: Thu, 05 Sep 2024 12:31:21 GMT
                                                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                              Server: ECAcc (nyd/D11E)
                                                                                              X-AspNet-Version: 4.0.30319
                                                                                              X-AspNetMvc-Version: 5.3
                                                                                              X-Cache: HIT
                                                                                              X-CCC: US
                                                                                              X-CID: 11
                                                                                              X-Powered-By: ASP.NET
                                                                                              X-Powered-By: ARR/3.0
                                                                                              X-Powered-By: ASP.NET
                                                                                              Content-Length: 11185
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49775 | 20.114.59.183 | 443
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:22 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdKrGKVxsOrhn2G&MD=bUKt+RBK HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                              Host: slscr.update.microsoft.com
2024-09-05 12:31:23 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/octet-stream
                                                                                              Expires: -1
                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                              MS-CorrelationId: 23397f24-16ff-4486-a51f-177981846724
                                                                                              MS-RequestId: dac64d39-aa76-4cee-8155-91b3be8661bb
                                                                                              MS-CV: 2tqYVCNtLECPaYW2.0
                                                                                              X-Microsoft-SLSClientCache: 2880
                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Date: Thu, 05 Sep 2024 12:31:22 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 24490


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
27          192.168.2.5  49780        40.126.31.69    443
Timestamp                Bytes transferred  Direction  Data
2024-09-05 12:31:23 UTC  422                OUT        POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 3592
                                                                                              Host: login.live.com
2024-09-05 12:31:23 UTC  3592               OUT        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:24 UTC  569                IN         HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:23 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C527_SN1
                                                                                              x-ms-request-id: 59a32bb4-e761-4d8a-a2b1-8cca72bed6c4
                                                                                              PPServer: PPV: 30 H: SN1PEPF0002FA2C V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:23 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 11389
2024-09-05 12:31:24 UTC  11389              IN         Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
28          192.168.2.5  49782        40.126.31.69    443
Timestamp                Bytes transferred  Direction  Data
2024-09-05 12:31:25 UTC  422                OUT        POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 3592
                                                                                              Host: login.live.com
2024-09-05 12:31:25 UTC  3592               OUT        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:25 UTC  569                IN         HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:25 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C527_SN1
                                                                                              x-ms-request-id: 14f151f7-8d3a-4be0-bf56-8f7b519f48d2
                                                                                              PPServer: PPV: 30 H: SN1PEPF0002F134 V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:24 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 11389
2024-09-05 12:31:25 UTC  11389              IN         Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
29          192.168.2.5  49783        40.126.31.69    443
Timestamp                Bytes transferred  Direction  Data
2024-09-05 12:31:26 UTC  422                OUT        POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 4775
                                                                                              Host: login.live.com
2024-09-05 12:31:26 UTC  4775               OUT        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:27 UTC  568                IN         HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:26 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C555_SN1
                                                                                              x-ms-request-id: 81f5ca3e-e72f-4640-8135-407972b3b2a6
                                                                                              PPServer: PPV: 30 H: SN1PEPF0003FB37 V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:26 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 1918
2024-09-05 12:31:27 UTC  1918               IN         Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
30          192.168.2.5  49785        40.126.31.69    443
Timestamp                Bytes transferred  Direction  Data
2024-09-05 12:31:28 UTC  422                OUT        POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 4775
                                                                                              Host: login.live.com
2024-09-05 12:31:28 UTC  4775               OUT        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:28 UTC  569                IN         HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:28 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C527_SN1
                                                                                              x-ms-request-id: 94c804c8-6934-46ff-8e63-c35e8728a0ab
                                                                                              PPServer: PPV: 30 H: SN1PEPF0003F953 V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:28 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 11409
2024-09-05 12:31:28 UTC  11409              IN         Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
31          192.168.2.5  49784        40.126.31.69    443
Timestamp                Bytes transferred  Direction  Data
2024-09-05 12:31:28 UTC  422                OUT        POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 4775
                                                                                              Host: login.live.com
2024-09-05 12:31:28 UTC  4775               OUT        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:28 UTC  568                IN         HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:28 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C555_SN1
                                                                                              x-ms-request-id: 459955de-738a-4d96-ba83-ada8e648eeb7
                                                                                              PPServer: PPV: 30 H: SN1PEPF0002FA24 V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:28 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 1918
2024-09-05 12:31:28 UTC  1918               IN         Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
32          192.168.2.5  49786        40.126.31.69    443
Timestamp                Bytes transferred  Direction  Data
2024-09-05 12:31:29 UTC  422                OUT        POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 4775
                                                                                              Host: login.live.com
2024-09-05 12:31:29 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:30 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:29 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C527_SN1
                                                                                              x-ms-request-id: c9f29be6-610b-4476-8d83-5211b2b4b6ca
                                                                                              PPServer: PPV: 30 H: SN1PEPF0002F1B5 V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:29 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 11409
2024-09-05 12:31:30 UTC | 11409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 49787 | 40.126.31.69 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:31:31 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/soap+xml
                                                                                              Accept: */*
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                              Content-Length: 4775
                                                                                              Host: login.live.com
2024-09-05 12:31:31 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-05 12:31:31 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-store, no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                              Expires: Thu, 05 Sep 2024 12:30:31 GMT
                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                              x-ms-route-info: C527_BL2
                                                                                              x-ms-request-id: bc621294-aea8-4588-ade9-28a10f1f47d9
                                                                                              PPServer: PPV: 30 H: BL02EPF0002791B V: 0
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Date: Thu, 05 Sep 2024 12:31:30 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 11409
2024-09-05 12:31:31 UTC | 11409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 49799 | 20.114.59.183 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:32:00 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdKrGKVxsOrhn2G&MD=bUKt+RBK HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                              Host: slscr.update.microsoft.com
2024-09-05 12:32:01 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: no-cache
                                                                                              Pragma: no-cache
                                                                                              Content-Type: application/octet-stream
                                                                                              Expires: -1
                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                              MS-CorrelationId: 4c6babf3-87ec-4416-a03a-b92adce94d79
                                                                                              MS-RequestId: c93bf00b-d30d-470d-b6f3-8f926758929a
                                                                                              MS-CV: tK1D6Pw6LEqyKL7q.0
                                                                                              X-Microsoft-SLSClientCache: 1440
                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Date: Thu, 05 Sep 2024 12:31:59 GMT
                                                                                              Connection: close
                                                                                              Content-Length: 30005


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 49806 | 23.55.235.170 | 443 | 7188 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-05 12:33:13 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                                              Host: bzib.nelreports.net
                                                                                              Connection: keep-alive
                                                                                              Origin: https://business.bing.com
                                                                                              Access-Control-Request-Method: POST
                                                                                              Access-Control-Request-Headers: content-type
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-05 12:33:13 UTC | 330 | IN | HTTP/1.1 429 Too Many Requests
                                                                                              Content-Length: 0
                                                                                              Date: Thu, 05 Sep 2024 12:33:13 GMT
                                                                                              Connection: close
                                                                                              PMUSER_FORMAT_QS:
                                                                                              X-CDN-TraceId: 0.a6eb3717.1725539593.2b43c1
                                                                                              Access-Control-Allow-Credentials: false
                                                                                              Access-Control-Allow-Methods: *
                                                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                              Access-Control-Allow-Origin: *


                                                                                              Target ID:0
                                                                                              Start time:08:31:05
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                              Imagebase:0xb80000
                                                                                              File size:917'504 bytes
                                                                                              MD5 hash:9174E680D1B0EA8CDB3EE932EC2DFC6F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:1
                                                                                              Start time:08:31:06
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:3
                                                                                              Start time:08:31:06
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff79f9e0000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:4
                                                                                              Start time:08:31:06
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                                              Imagebase:0x7ff79f9e0000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:5
                                                                                              Start time:08:31:06
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff79f9e0000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:7
                                                                                              Start time:08:31:07
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2056,i,6247163367441240488,2576398707470590896,262144 /prefetch:3
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:8
                                                                                              Start time:08:31:08
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:9
                                                                                              Start time:08:31:08
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2688 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:3
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:11
                                                                                              Start time:08:31:11
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2248 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccf95cfb-f749-4af2-904e-7994877402df} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2408cb6db10 socket
                                                                                              Imagebase:0x7ff79f9e0000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:12
                                                                                              Start time:08:31:12
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6532 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:13
                                                                                              Start time:08:31:12
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6736 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:18
                                                                                              Start time:08:31:15
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4456 -parentBuildID 20230927232528 -prefsHandle 4340 -prefMapHandle 4336 -prefsLen 26273 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f8d3111-a88f-4b01-91e4-af2e9be1c464} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2409f819410 rdd
                                                                                              Imagebase:0x7ff79f9e0000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:19
                                                                                              Start time:08:31:16
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=8500 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:false

                                                                                              Target ID:20
                                                                                              Start time:08:31:17
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8648 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:21
                                                                                              Start time:08:31:18
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8496 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:24
                                                                                              Start time:08:32:08
                                                                                              Start date:05/09/2024
                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8780 --field-trial-handle=2732,i,2053604425234520121,15701562997204502456,262144 /prefetch:8
                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                              File size:4'210'216 bytes
                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:false


                                                                                                Execution Graph

                                                                                                Execution Coverage:1.9%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:4.8%
                                                                                                Total number of Nodes:1389
                                                                                                Total number of Limit Nodes:54
calls _wcslen 96840->96860 96850 c0ae04 96841->96850 96845 c0adc4 96842->96845 96848 b87510 53 API calls 96844->96848 96859 b87620 22 API calls _wcslen 96845->96859 96849 c0ae85 ShellExecuteExW 96848->96849 96855 c0aeb0 96849->96855 96850->96838 96851 b87510 53 API calls 96850->96851 96852 c0ae28 96851->96852 96852->96838 96861 b8a8c7 22 API calls __fread_nolock 96852->96861 96854 c0aec8 96854->96736 96855->96854 96856 c0af35 GetProcessId 96855->96856 96857 c0af48 96856->96857 96858 c0af58 CloseHandle 96857->96858 96858->96854 96859->96833 96860->96835 96861->96838 96862->96844 96863->96742 96864->96742 96865->96751 96866->96751 96867->96751 96868->96751 96869->96739 96870->96751 96871 bd3f75 96882 b9ceb1 96871->96882 96873 bd3f8b 96874 bd4006 96873->96874 96949 b9e300 23 API calls 96873->96949 96891 b8bf40 96874->96891 96876 bd3fe6 96880 bd4052 96876->96880 96950 bf1abf 22 API calls 96876->96950 96879 bd4a88 96880->96879 96951 bf359c 82 API calls __wsopen_s 96880->96951 96883 b9cebf 96882->96883 96884 b9ced2 96882->96884 96952 b8aceb 23 API calls messages 96883->96952 96886 b9cf05 96884->96886 96887 b9ced7 96884->96887 96953 b8aceb 23 API calls messages 96886->96953 96889 b9fddb 22 API calls 96887->96889 96890 b9cec9 96889->96890 96890->96873 96954 b8adf0 96891->96954 96893 b8bf9d 96894 b8bfa9 96893->96894 96895 bd04b6 96893->96895 96897 bd04c6 96894->96897 96898 b8c01e 96894->96898 96973 bf359c 82 API calls __wsopen_s 96895->96973 96974 bf359c 82 API calls __wsopen_s 96897->96974 96959 b8ac91 96898->96959 96901 b8c7da 96906 b9fe0b 22 API calls 96901->96906 96905 bd04f5 96910 bd055a 96905->96910 96975 b9d217 185 API calls 96905->96975 96915 b8c808 __fread_nolock 96906->96915 96934 b8c603 96910->96934 96976 bf359c 82 API calls __wsopen_s 96910->96976 96911 b8ec40 185 API calls 96946 b8c039 __fread_nolock messages 96911->96946 96912 b9fe0b 22 API calls 96947 b8c350 __fread_nolock messages 96912->96947 96913 b8af8a 22 API calls 96913->96946 96914 be7120 22 API calls 
96914->96946 96915->96912 96916 bd091a 96986 bf3209 23 API calls 96916->96986 96919 bd08a5 96920 b8ec40 185 API calls 96919->96920 96922 bd08cf 96920->96922 96922->96934 96984 b8a81b 41 API calls 96922->96984 96923 bd0591 96977 bf359c 82 API calls __wsopen_s 96923->96977 96924 bd08f6 96985 bf359c 82 API calls __wsopen_s 96924->96985 96928 b8bbe0 40 API calls 96928->96946 96930 b8c237 96932 b8c253 96930->96932 96987 b8a8c7 22 API calls __fread_nolock 96930->96987 96936 bd0976 96932->96936 96941 b8c297 messages 96932->96941 96934->96880 96935 b9fe0b 22 API calls 96935->96946 96988 b8aceb 23 API calls messages 96936->96988 96938 b9fddb 22 API calls 96938->96946 96940 bd09bf 96940->96934 96989 bf359c 82 API calls __wsopen_s 96940->96989 96941->96940 96970 b8aceb 23 API calls messages 96941->96970 96943 b8c335 96943->96940 96944 b8c342 96943->96944 96971 b8a704 22 API calls messages 96944->96971 96946->96901 96946->96905 96946->96910 96946->96911 96946->96913 96946->96914 96946->96915 96946->96916 96946->96919 96946->96923 96946->96924 96946->96928 96946->96930 96946->96934 96946->96935 96946->96938 96946->96940 96963 b8ad81 96946->96963 96978 be7099 22 API calls __fread_nolock 96946->96978 96979 c05745 54 API calls _wcslen 96946->96979 96980 b9aa42 22 API calls messages 96946->96980 96981 bef05c 40 API calls 96946->96981 96982 b8a993 41 API calls 96946->96982 96983 b8aceb 23 API calls messages 96946->96983 96948 b8c3ac 96947->96948 96972 b9ce17 22 API calls messages 96947->96972 96948->96880 96949->96876 96950->96874 96951->96879 96952->96890 96953->96890 96955 b8ae01 96954->96955 96958 b8ae1c messages 96954->96958 96956 b8aec9 22 API calls 96955->96956 96957 b8ae09 CharUpperBuffW 96956->96957 96957->96958 96958->96893 96960 b8acae 96959->96960 96961 b8acd1 96960->96961 96990 bf359c 82 API calls __wsopen_s 96960->96990 96961->96946 96964 bcfadb 96963->96964 96965 b8ad92 96963->96965 96966 b9fddb 22 API calls 96965->96966 96967 b8ad99 96966->96967 96991 b8adcd 
96967->96991 96970->96943 96971->96947 96972->96947 96973->96897 96974->96934 96975->96910 96976->96934 96977->96934 96978->96946 96979->96946 96980->96946 96981->96946 96982->96946 96983->96946 96984->96924 96985->96934 96986->96930 96987->96932 96988->96940 96989->96934 96990->96961 96995 b8addd 96991->96995 96992 b8adb6 96992->96946 96993 b9fddb 22 API calls 96993->96995 96994 b8a961 22 API calls 96994->96995 96995->96992 96995->96993 96995->96994 96997 b8adcd 22 API calls 96995->96997 96998 b8a8c7 22 API calls __fread_nolock 96995->96998 96997->96995 96998->96995 96999 b81033 97004 b84c91 96999->97004 97003 b81042 97005 b8a961 22 API calls 97004->97005 97006 b84cff 97005->97006 97013 b83af0 97006->97013 97008 bc3cb6 97010 b84d9c 97010->97008 97011 b81038 97010->97011 97016 b851f7 22 API calls __fread_nolock 97010->97016 97012 ba00a3 29 API calls __onexit 97011->97012 97012->97003 97017 b83b1c 97013->97017 97016->97010 97018 b83b0f 97017->97018 97019 b83b29 97017->97019 97018->97010 97019->97018 97020 b83b30 RegOpenKeyExW 97019->97020 97020->97018 97021 b83b4a RegQueryValueExW 97020->97021 97022 b83b80 RegCloseKey 97021->97022 97023 b83b6b 97021->97023 97022->97018 97023->97022 97024 b83156 97027 b83170 97024->97027 97028 b83187 97027->97028 97029 b831eb 97028->97029 97030 b8318c 97028->97030 97067 b831e9 97028->97067 97034 bc2dfb 97029->97034 97035 b831f1 97029->97035 97031 b83199 97030->97031 97032 b83265 PostQuitMessage 97030->97032 97037 bc2e7c 97031->97037 97038 b831a4 97031->97038 97069 b8316a 97032->97069 97033 b831d0 DefWindowProcW 97033->97069 97079 b818e2 10 API calls 97034->97079 97039 b831f8 97035->97039 97040 b8321d SetTimer RegisterWindowMessageW 97035->97040 97093 bebf30 34 API calls ___scrt_fastfail 97037->97093 97042 bc2e68 97038->97042 97043 b831ae 97038->97043 97046 bc2d9c 97039->97046 97047 b83201 KillTimer 97039->97047 97044 b83246 CreatePopupMenu 97040->97044 97040->97069 97041 bc2e1c 97080 b9e499 42 API calls 97041->97080 97092 bec161 27 
API calls ___scrt_fastfail 97042->97092 97050 b831b9 97043->97050 97059 bc2e4d 97043->97059 97044->97069 97051 bc2dd7 MoveWindow 97046->97051 97052 bc2da1 97046->97052 97072 b830f2 97047->97072 97054 b83253 97050->97054 97055 b831c4 97050->97055 97051->97069 97057 bc2dc6 SetFocus 97052->97057 97058 bc2da7 97052->97058 97077 b8326f 44 API calls ___scrt_fastfail 97054->97077 97055->97033 97068 b830f2 Shell_NotifyIconW 97055->97068 97056 bc2e8e 97056->97033 97056->97069 97057->97069 97058->97055 97062 bc2db0 97058->97062 97059->97033 97091 be0ad7 22 API calls 97059->97091 97078 b818e2 10 API calls 97062->97078 97065 b83263 97065->97069 97067->97033 97070 bc2e41 97068->97070 97081 b83837 97070->97081 97073 b83154 97072->97073 97074 b83104 ___scrt_fastfail 97072->97074 97076 b83c50 DeleteObject DestroyWindow 97073->97076 97075 b83123 Shell_NotifyIconW 97074->97075 97075->97073 97076->97069 97077->97065 97078->97069 97079->97041 97080->97055 97082 b83862 ___scrt_fastfail 97081->97082 97094 b84212 97082->97094 97085 b838e8 97087 bc3386 Shell_NotifyIconW 97085->97087 97088 b83906 Shell_NotifyIconW 97085->97088 97098 b83923 97088->97098 97090 b8391c 97090->97067 97091->97067 97092->97065 97093->97056 97095 bc35a4 97094->97095 97096 b838b7 97094->97096 97095->97096 97097 bc35ad DestroyIcon 97095->97097 97096->97085 97120 bec874 42 API calls _strftime 97096->97120 97097->97096 97099 b8393f 97098->97099 97100 b83a13 97098->97100 97121 b86270 97099->97121 97100->97090 97103 b8395a 97105 b86b57 22 API calls 97103->97105 97104 bc3393 LoadStringW 97106 bc33ad 97104->97106 97107 b8396f 97105->97107 97114 b83994 ___scrt_fastfail 97106->97114 97127 b8a8c7 22 API calls __fread_nolock 97106->97127 97108 b8397c 97107->97108 97109 bc33c9 97107->97109 97108->97106 97111 b83986 97108->97111 97128 b86350 22 API calls 97109->97128 97126 b86350 22 API calls 97111->97126 97116 b839f9 Shell_NotifyIconW 97114->97116 97115 bc33d7 97115->97114 97117 b833c6 22 API calls 97115->97117 97116->97100 
97118 bc33f9 97117->97118 97119 b833c6 22 API calls 97118->97119 97119->97114 97120->97085 97122 b9fe0b 22 API calls 97121->97122 97123 b86295 97122->97123 97124 b9fddb 22 API calls 97123->97124 97125 b8394d 97124->97125 97125->97103 97125->97104 97126->97114 97127->97114 97128->97115 97129 b82e37 97130 b8a961 22 API calls 97129->97130 97131 b82e4d 97130->97131 97208 b84ae3 97131->97208 97133 b82e6b 97134 b83a5a 24 API calls 97133->97134 97135 b82e7f 97134->97135 97136 b89cb3 22 API calls 97135->97136 97137 b82e8c 97136->97137 97222 b84ecb 97137->97222 97140 b82ead 97244 b8a8c7 22 API calls __fread_nolock 97140->97244 97141 bc2cb0 97262 bf2cf9 97141->97262 97143 bc2cc3 97145 bc2ccf 97143->97145 97288 b84f39 97143->97288 97149 b84f39 68 API calls 97145->97149 97146 b82ec3 97245 b86f88 22 API calls 97146->97245 97151 bc2ce5 97149->97151 97150 b82ecf 97152 b89cb3 22 API calls 97150->97152 97294 b83084 22 API calls 97151->97294 97153 b82edc 97152->97153 97246 b8a81b 41 API calls 97153->97246 97156 b82eec 97158 b89cb3 22 API calls 97156->97158 97157 bc2d02 97295 b83084 22 API calls 97157->97295 97160 b82f12 97158->97160 97247 b8a81b 41 API calls 97160->97247 97162 bc2d1e 97163 b83a5a 24 API calls 97162->97163 97165 bc2d44 97163->97165 97164 b82f21 97168 b8a961 22 API calls 97164->97168 97296 b83084 22 API calls 97165->97296 97167 bc2d50 97297 b8a8c7 22 API calls __fread_nolock 97167->97297 97170 b82f3f 97168->97170 97248 b83084 22 API calls 97170->97248 97171 bc2d5e 97298 b83084 22 API calls 97171->97298 97174 b82f4b 97249 ba4a28 40 API calls 3 library calls 97174->97249 97175 bc2d6d 97299 b8a8c7 22 API calls __fread_nolock 97175->97299 97177 b82f59 97177->97151 97178 b82f63 97177->97178 97250 ba4a28 40 API calls 3 library calls 97178->97250 97181 bc2d83 97300 b83084 22 API calls 97181->97300 97182 b82f6e 97182->97157 97184 b82f78 97182->97184 97251 ba4a28 40 API calls 3 library calls 97184->97251 97186 bc2d90 97187 b82f83 97187->97162 97188 b82f8d 97187->97188 97252 
ba4a28 40 API calls 3 library calls 97188->97252 97190 b82f98 97191 b82fdc 97190->97191 97253 b83084 22 API calls 97190->97253 97191->97175 97192 b82fe8 97191->97192 97192->97186 97256 b863eb 22 API calls 97192->97256 97195 b82fbf 97254 b8a8c7 22 API calls __fread_nolock 97195->97254 97196 b82ff8 97257 b86a50 22 API calls 97196->97257 97199 b82fcd 97255 b83084 22 API calls 97199->97255 97200 b83006 97258 b870b0 23 API calls 97200->97258 97205 b83021 97206 b83065 97205->97206 97259 b86f88 22 API calls 97205->97259 97260 b870b0 23 API calls 97205->97260 97261 b83084 22 API calls 97205->97261 97209 b84af0 __wsopen_s 97208->97209 97210 b86b57 22 API calls 97209->97210 97211 b84b22 97209->97211 97210->97211 97221 b84b58 97211->97221 97301 b84c6d 97211->97301 97213 b89cb3 22 API calls 97215 b84c52 97213->97215 97214 b89cb3 22 API calls 97214->97221 97216 b8515f 22 API calls 97215->97216 97219 b84c5e 97216->97219 97217 b84c6d 22 API calls 97217->97221 97218 b8515f 22 API calls 97218->97221 97219->97133 97220 b84c29 97220->97213 97220->97219 97221->97214 97221->97217 97221->97218 97221->97220 97304 b84e90 LoadLibraryA 97222->97304 97227 bc3ccf 97229 b84f39 68 API calls 97227->97229 97228 b84ef6 LoadLibraryExW 97312 b84e59 LoadLibraryA 97228->97312 97231 bc3cd6 97229->97231 97233 b84e59 3 API calls 97231->97233 97235 bc3cde 97233->97235 97334 b850f5 97235->97334 97236 b84f20 97236->97235 97237 b84f2c 97236->97237 97239 b84f39 68 API calls 97237->97239 97240 b82ea5 97239->97240 97240->97140 97240->97141 97243 bc3d05 97244->97146 97245->97150 97246->97156 97247->97164 97248->97174 97249->97177 97250->97182 97251->97187 97252->97190 97253->97195 97254->97199 97255->97191 97256->97196 97257->97200 97258->97205 97259->97205 97260->97205 97261->97205 97263 bf2d15 97262->97263 97264 b8511f 64 API calls 97263->97264 97265 bf2d29 97264->97265 97467 bf2e66 97265->97467 97268 bf2d3f 97268->97143 97269 b850f5 40 API calls 97270 bf2d56 97269->97270 97271 b850f5 40 API calls 97270->97271 
97272 bf2d66 97271->97272 97273 b850f5 40 API calls 97272->97273 97274 bf2d81 97273->97274 97275 b850f5 40 API calls 97274->97275 97276 bf2d9c 97275->97276 97277 b8511f 64 API calls 97276->97277 97278 bf2db3 97277->97278 97279 baea0c ___std_exception_copy 21 API calls 97278->97279 97280 bf2dba 97279->97280 97281 baea0c ___std_exception_copy 21 API calls 97280->97281 97282 bf2dc4 97281->97282 97283 b850f5 40 API calls 97282->97283 97284 bf2dd8 97283->97284 97285 bf28fe 27 API calls 97284->97285 97286 bf2dee 97285->97286 97286->97268 97473 bf22ce 79 API calls 97286->97473 97289 b84f43 97288->97289 97291 b84f4a 97288->97291 97474 bae678 97289->97474 97292 b84f59 97291->97292 97293 b84f6a FreeLibrary 97291->97293 97292->97145 97293->97292 97294->97157 97295->97162 97296->97167 97297->97171 97298->97175 97299->97181 97300->97186 97302 b8aec9 22 API calls 97301->97302 97303 b84c78 97302->97303 97303->97211 97305 b84ea8 GetProcAddress 97304->97305 97306 b84ec6 97304->97306 97307 b84eb8 97305->97307 97309 bae5eb 97306->97309 97307->97306 97308 b84ebf FreeLibrary 97307->97308 97308->97306 97342 bae52a 97309->97342 97311 b84eea 97311->97227 97311->97228 97313 b84e8d 97312->97313 97314 b84e6e GetProcAddress 97312->97314 97317 b84f80 97313->97317 97315 b84e7e 97314->97315 97315->97313 97316 b84e86 FreeLibrary 97315->97316 97316->97313 97318 b9fe0b 22 API calls 97317->97318 97319 b84f95 97318->97319 97320 b85722 22 API calls 97319->97320 97321 b84fa1 __fread_nolock 97320->97321 97322 bc3d1d 97321->97322 97323 b850a5 97321->97323 97333 b84fdc 97321->97333 97407 bf304d 74 API calls 97322->97407 97396 b842a2 CreateStreamOnHGlobal 97323->97396 97326 bc3d22 97328 b8511f 64 API calls 97326->97328 97327 b850f5 40 API calls 97327->97333 97329 bc3d45 97328->97329 97330 b850f5 40 API calls 97329->97330 97332 b8506e messages 97330->97332 97332->97236 97333->97326 97333->97327 97333->97332 97402 b8511f 97333->97402 97335 bc3d70 97334->97335 97336 b85107 97334->97336 97429 bae8c4 
97336->97429 97339 bf28fe 97450 bf274e 97339->97450 97341 bf2919 97341->97243 97345 bae536 ___BuildCatchObject 97342->97345 97343 bae544 97367 baf2d9 20 API calls _abort 97343->97367 97345->97343 97347 bae574 97345->97347 97346 bae549 97368 bb27ec 26 API calls _abort 97346->97368 97349 bae579 97347->97349 97350 bae586 97347->97350 97369 baf2d9 20 API calls _abort 97349->97369 97359 bb8061 97350->97359 97353 bae58f 97354 bae5a2 97353->97354 97355 bae595 97353->97355 97371 bae5d4 LeaveCriticalSection __fread_nolock 97354->97371 97370 baf2d9 20 API calls _abort 97355->97370 97356 bae554 __wsopen_s 97356->97311 97360 bb806d ___BuildCatchObject 97359->97360 97372 bb2f5e EnterCriticalSection 97360->97372 97362 bb807b 97373 bb80fb 97362->97373 97366 bb80ac __wsopen_s 97366->97353 97367->97346 97368->97356 97369->97356 97370->97356 97371->97356 97372->97362 97382 bb811e 97373->97382 97374 bb8177 97392 bb4c7d 20 API calls 2 library calls 97374->97392 97376 bb8180 97378 bb29c8 _free 20 API calls 97376->97378 97379 bb8189 97378->97379 97381 bb8088 97379->97381 97393 bb3405 11 API calls 2 library calls 97379->97393 97387 bb80b7 97381->97387 97382->97374 97382->97381 97390 ba918d EnterCriticalSection 97382->97390 97391 ba91a1 LeaveCriticalSection 97382->97391 97383 bb81a8 97394 ba918d EnterCriticalSection 97383->97394 97386 bb81bb 97386->97381 97395 bb2fa6 LeaveCriticalSection 97387->97395 97389 bb80be 97389->97366 97390->97382 97391->97382 97392->97376 97393->97383 97394->97386 97395->97389 97397 b842bc FindResourceExW 97396->97397 97401 b842d9 97396->97401 97398 bc35ba LoadResource 97397->97398 97397->97401 97399 bc35cf SizeofResource 97398->97399 97398->97401 97400 bc35e3 LockResource 97399->97400 97399->97401 97400->97401 97401->97333 97403 b8512e 97402->97403 97404 bc3d90 97402->97404 97408 baece3 97403->97408 97407->97326 97411 baeaaa 97408->97411 97410 b8513c 97410->97333 97415 baeab6 ___BuildCatchObject 97411->97415 97412 baeac2 97424 baf2d9 20 API calls _abort 
97412->97424 97414 baeae8 97426 ba918d EnterCriticalSection 97414->97426 97415->97412 97415->97414 97416 baeac7 97425 bb27ec 26 API calls _abort 97416->97425 97419 baeaf4 97427 baec0a 62 API calls 2 library calls 97419->97427 97421 baeb08 97428 baeb27 LeaveCriticalSection __fread_nolock 97421->97428 97422 baead2 __wsopen_s 97422->97410 97424->97416 97425->97422 97426->97419 97427->97421 97428->97422 97432 bae8e1 97429->97432 97431 b85118 97431->97339 97433 bae8ed ___BuildCatchObject 97432->97433 97434 bae92d 97433->97434 97435 bae900 ___scrt_fastfail 97433->97435 97436 bae925 __wsopen_s 97433->97436 97447 ba918d EnterCriticalSection 97434->97447 97445 baf2d9 20 API calls _abort 97435->97445 97436->97431 97438 bae937 97448 bae6f8 38 API calls 4 library calls 97438->97448 97440 bae91a 97446 bb27ec 26 API calls _abort 97440->97446 97443 bae94e 97449 bae96c LeaveCriticalSection __fread_nolock 97443->97449 97445->97440 97446->97436 97447->97438 97448->97443 97449->97436 97453 bae4e8 97450->97453 97452 bf275d 97452->97341 97456 bae469 97453->97456 97455 bae505 97455->97452 97457 bae478 97456->97457 97459 bae48c 97456->97459 97464 baf2d9 20 API calls _abort 97457->97464 97463 bae488 __alldvrm 97459->97463 97466 bb333f 11 API calls 2 library calls 97459->97466 97460 bae47d 97465 bb27ec 26 API calls _abort 97460->97465 97463->97455 97464->97460 97465->97463 97466->97463 97472 bf2e7a 97467->97472 97468 bf2d3b 97468->97268 97468->97269 97469 b850f5 40 API calls 97469->97472 97470 bf28fe 27 API calls 97470->97472 97471 b8511f 64 API calls 97471->97472 97472->97468 97472->97469 97472->97470 97472->97471 97473->97268 97475 bae684 ___BuildCatchObject 97474->97475 97476 bae6aa 97475->97476 97477 bae695 97475->97477 97486 bae6a5 __wsopen_s 97476->97486 97487 ba918d EnterCriticalSection 97476->97487 97504 baf2d9 20 API calls _abort 97477->97504 97479 bae69a 97505 bb27ec 26 API calls _abort 97479->97505 97482 bae6c6 97488 bae602 97482->97488 97484 bae6d1 97506 bae6ee 
LeaveCriticalSection __fread_nolock 97484->97506 97486->97291 97487->97482 97489 bae60f 97488->97489 97490 bae624 97488->97490 97539 baf2d9 20 API calls _abort 97489->97539 97495 bae61f 97490->97495 97507 badc0b 97490->97507 97492 bae614 97540 bb27ec 26 API calls _abort 97492->97540 97495->97484 97500 bae646 97524 bb862f 97500->97524 97503 bb29c8 _free 20 API calls 97503->97495 97504->97479 97505->97486 97506->97486 97508 badc23 97507->97508 97509 badc1f 97507->97509 97508->97509 97510 bad955 __fread_nolock 26 API calls 97508->97510 97513 bb4d7a 97509->97513 97511 badc43 97510->97511 97541 bb59be 62 API calls 5 library calls 97511->97541 97514 bb4d90 97513->97514 97516 bae640 97513->97516 97515 bb29c8 _free 20 API calls 97514->97515 97514->97516 97515->97516 97517 bad955 97516->97517 97518 bad961 97517->97518 97519 bad976 97517->97519 97542 baf2d9 20 API calls _abort 97518->97542 97519->97500 97521 bad966 97543 bb27ec 26 API calls _abort 97521->97543 97523 bad971 97523->97500 97525 bb863e 97524->97525 97527 bb8653 97524->97527 97547 baf2c6 20 API calls _abort 97525->97547 97526 bb868e 97549 baf2c6 20 API calls _abort 97526->97549 97527->97526 97532 bb867a 97527->97532 97529 bb8643 97548 baf2d9 20 API calls _abort 97529->97548 97544 bb8607 97532->97544 97533 bb8693 97550 baf2d9 20 API calls _abort 97533->97550 97536 bae64c 97536->97495 97536->97503 97537 bb869b 97551 bb27ec 26 API calls _abort 97537->97551 97539->97492 97540->97495 97541->97509 97542->97521 97543->97523 97552 bb8585 97544->97552 97546 bb862b 97546->97536 97547->97529 97548->97536 97549->97533 97550->97537 97551->97536 97553 bb8591 ___BuildCatchObject 97552->97553 97563 bb5147 EnterCriticalSection 97553->97563 97555 bb859f 97556 bb85d1 97555->97556 97557 bb85c6 97555->97557 97579 baf2d9 20 API calls _abort 97556->97579 97564 bb86ae 97557->97564 97560 bb85cc 97580 bb85fb LeaveCriticalSection __wsopen_s 97560->97580 97562 bb85ee __wsopen_s 97562->97546 97563->97555 97581 bb53c4 97564->97581 97566 
bb86be 97567 bb86c4 97566->97567 97569 bb86f6 97566->97569 97572 bb53c4 __wsopen_s 26 API calls 97566->97572 97594 bb5333 21 API calls 3 library calls 97567->97594 97569->97567 97570 bb53c4 __wsopen_s 26 API calls 97569->97570 97573 bb8702 FindCloseChangeNotification 97570->97573 97571 bb871c 97574 bb873e 97571->97574 97595 baf2a3 20 API calls 2 library calls 97571->97595 97575 bb86ed 97572->97575 97573->97567 97576 bb870e GetLastError 97573->97576 97574->97560 97578 bb53c4 __wsopen_s 26 API calls 97575->97578 97576->97567 97578->97569 97579->97560 97580->97562 97582 bb53d1 97581->97582 97583 bb53e6 97581->97583 97596 baf2c6 20 API calls _abort 97582->97596 97588 bb540b 97583->97588 97598 baf2c6 20 API calls _abort 97583->97598 97585 bb53d6 97597 baf2d9 20 API calls _abort 97585->97597 97588->97566 97589 bb5416 97599 baf2d9 20 API calls _abort 97589->97599 97590 bb53de 97590->97566 97592 bb541e 97600 bb27ec 26 API calls _abort 97592->97600 97594->97571 97595->97574 97596->97585 97597->97590 97598->97589 97599->97592 97600->97590 97601 b81cad SystemParametersInfoW 97602 bc2ba5 97603 bc2baf 97602->97603 97604 b82b25 97602->97604 97606 b83a5a 24 API calls 97603->97606 97630 b82b83 7 API calls 97604->97630 97608 bc2bb8 97606->97608 97610 b89cb3 22 API calls 97608->97610 97612 bc2bc6 97610->97612 97611 b82b2f 97616 b83837 49 API calls 97611->97616 97618 b82b44 97611->97618 97613 bc2bce 97612->97613 97614 bc2bf5 97612->97614 97617 b833c6 22 API calls 97613->97617 97615 b833c6 22 API calls 97614->97615 97629 bc2bf1 GetForegroundWindow ShellExecuteW 97615->97629 97616->97618 97619 bc2bd9 97617->97619 97621 b82b5f 97618->97621 97624 b830f2 Shell_NotifyIconW 97618->97624 97634 b86350 22 API calls 97619->97634 97626 b82b66 SetCurrentDirectoryW 97621->97626 97623 bc2c26 97623->97621 97624->97621 97625 bc2be7 97627 b833c6 22 API calls 97625->97627 97628 b82b7a 97626->97628 97627->97629 97629->97623 97635 b82cd4 7 API calls 97630->97635 97632 b82b2a 97633 b82c63 CreateWindowExW 
CreateWindowExW ShowWindow ShowWindow 97632->97633 97633->97611 97634->97625 97635->97632 97636 bb8402 97641 bb81be 97636->97641 97638 bb842a 97646 bb81ef try_get_first_available_module 97641->97646 97643 bb83ee 97660 bb27ec 26 API calls _abort 97643->97660 97645 bb8343 97645->97638 97653 bc0984 97645->97653 97649 bb8338 97646->97649 97656 ba8e0b 40 API calls 2 library calls 97646->97656 97648 bb838c 97648->97649 97657 ba8e0b 40 API calls 2 library calls 97648->97657 97649->97645 97659 baf2d9 20 API calls _abort 97649->97659 97651 bb83ab 97651->97649 97658 ba8e0b 40 API calls 2 library calls 97651->97658 97661 bc0081 97653->97661 97655 bc099f 97655->97638 97656->97648 97657->97651 97658->97649 97659->97643 97660->97645 97664 bc008d ___BuildCatchObject 97661->97664 97662 bc009b 97719 baf2d9 20 API calls _abort 97662->97719 97664->97662 97666 bc00d4 97664->97666 97665 bc00a0 97720 bb27ec 26 API calls _abort 97665->97720 97672 bc065b 97666->97672 97671 bc00aa __wsopen_s 97671->97655 97722 bc042f 97672->97722 97675 bc068d 97754 baf2c6 20 API calls _abort 97675->97754 97676 bc06a6 97740 bb5221 97676->97740 97679 bc0692 97755 baf2d9 20 API calls _abort 97679->97755 97680 bc06ab 97681 bc06cb 97680->97681 97682 bc06b4 97680->97682 97753 bc039a CreateFileW 97681->97753 97756 baf2c6 20 API calls _abort 97682->97756 97686 bc00f8 97721 bc0121 LeaveCriticalSection __wsopen_s 97686->97721 97687 bc06b9 97757 baf2d9 20 API calls _abort 97687->97757 97688 bc0781 GetFileType 97691 bc078c GetLastError 97688->97691 97692 bc07d3 97688->97692 97690 bc0756 GetLastError 97759 baf2a3 20 API calls 2 library calls 97690->97759 97760 baf2a3 20 API calls 2 library calls 97691->97760 97762 bb516a 21 API calls 3 library calls 97692->97762 97693 bc0704 97693->97688 97693->97690 97758 bc039a CreateFileW 97693->97758 97697 bc079a CloseHandle 97697->97679 97700 bc07c3 97697->97700 97699 bc0749 97699->97688 97699->97690 97761 baf2d9 20 API calls _abort 97700->97761 97701 bc07f4 97704 bc0840 
97701->97704 97763 bc05ab 72 API calls 4 library calls 97701->97763 97703 bc07c8 97703->97679 97708 bc086d 97704->97708 97764 bc014d 72 API calls 4 library calls 97704->97764 97707 bc0866 97707->97708 97709 bc087e 97707->97709 97710 bb86ae __wsopen_s 29 API calls 97708->97710 97709->97686 97711 bc08fc CloseHandle 97709->97711 97710->97686 97765 bc039a CreateFileW 97711->97765 97713 bc0927 97714 bc0931 GetLastError 97713->97714 97715 bc095d 97713->97715 97766 baf2a3 20 API calls 2 library calls 97714->97766 97715->97686 97717 bc093d 97767 bb5333 21 API calls 3 library calls 97717->97767 97719->97665 97720->97671 97721->97671 97723 bc046a 97722->97723 97724 bc0450 97722->97724 97768 bc03bf 97723->97768 97724->97723 97775 baf2d9 20 API calls _abort 97724->97775 97727 bc045f 97776 bb27ec 26 API calls _abort 97727->97776 97729 bc04a2 97730 bc04d1 97729->97730 97777 baf2d9 20 API calls _abort 97729->97777 97738 bc0524 97730->97738 97779 bad70d 26 API calls 2 library calls 97730->97779 97733 bc051f 97735 bc059e 97733->97735 97733->97738 97734 bc04c6 97778 bb27ec 26 API calls _abort 97734->97778 97780 bb27fc 11 API calls _abort 97735->97780 97738->97675 97738->97676 97739 bc05aa 97741 bb522d ___BuildCatchObject 97740->97741 97783 bb2f5e EnterCriticalSection 97741->97783 97743 bb5259 97787 bb5000 21 API calls 3 library calls 97743->97787 97744 bb5234 97744->97743 97748 bb52c7 EnterCriticalSection 97744->97748 97750 bb527b 97744->97750 97747 bb525e 97747->97750 97788 bb5147 EnterCriticalSection 97747->97788 97748->97750 97751 bb52d4 LeaveCriticalSection 97748->97751 97749 bb52a4 __wsopen_s 97749->97680 97784 bb532a 97750->97784 97751->97744 97753->97693 97754->97679 97755->97686 97756->97687 97757->97679 97758->97699 97759->97679 97760->97697 97761->97703 97762->97701 97763->97704 97764->97707 97765->97713 97766->97717 97767->97715 97769 bc03d7 97768->97769 97770 bc03f2 97769->97770 97781 baf2d9 20 API calls _abort 97769->97781 97770->97729 97772 bc0416 97782 bb27ec 26 API 

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetVersionExW.KERNEL32(?), ref: 00B8430D
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                • GetCurrentProcess.KERNEL32(?,00C1CB64,00000000,?,?), ref: 00B84422
                                                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 00B84429
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00B84454
                                                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00B84466
                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00B84474
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 00B8447B
                                                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 00B844A0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                • API String ID: 3290436268-3101561225
                                                                                                • Opcode ID: f46169cf9ac9b2481f68bb71ee12006f1ff4fa699fbc7dd05d2f073c8971e7c3
                                                                                                • Instruction ID: 3833505fa9f6b254cb49927e234ea1765dddbb7c0d96712899a7bbbc1c3d6edc
                                                                                                • Opcode Fuzzy Hash: f46169cf9ac9b2481f68bb71ee12006f1ff4fa699fbc7dd05d2f073c8971e7c3
                                                                                                • Instruction Fuzzy Hash: 1DA1A36D95A3C0DFC711D76878A979D7FE4AB36746B0C88EDE841B3731D6204A88CB21

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00B850AA,?,?,00000000,00000000), ref: 00B842B2
                                                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00B850AA,?,?,00000000,00000000), ref: 00B842C9
                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,00B850AA,?,?,00000000,00000000,?,?,?,?,?,?,00B84F20), ref: 00BC35BE
                                                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00B850AA,?,?,00000000,00000000,?,?,?,?,?,?,00B84F20), ref: 00BC35D3
                                                                                                • LockResource.KERNEL32(00B850AA,?,?,00B850AA,?,?,00000000,00000000,?,?,?,?,?,?,00B84F20,?), ref: 00BC35E6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                • String ID: SCRIPT
                                                                                                • API String ID: 3051347437-3967369404
                                                                                                • Opcode ID: 260c3dd73e422385e66264a2985e5f420dd56a5d84c3b13661b45bad722eba39
                                                                                                • Instruction ID: c33925ff5f8627f28f68776d48ef343525aab70778565be77046517cfcdc5dd3
                                                                                                • Opcode Fuzzy Hash: 260c3dd73e422385e66264a2985e5f420dd56a5d84c3b13661b45bad722eba39
                                                                                                • Instruction Fuzzy Hash: C811AC70240305BFEB219F65DC88F6B7BB9FBCAB55F1081A9B412C62A0DB71D804C620

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B82B6B
                                                                                                  • Part of subcall function 00B83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00C51418,?,00B82E7F,?,?,?,00000000), ref: 00B83A78
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00C42224), ref: 00BC2C10
                                                                                                • ShellExecuteW.SHELL32(00000000,?,?,00C42224), ref: 00BC2C17
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                • String ID: runas
                                                                                                • API String ID: 448630720-4000483414
                                                                                                • Opcode ID: bd3e7f3be13c8efa89af1161100710e787a1f0427e653ec39ac36a9641d8977c
                                                                                                • Instruction ID: 97c4f70d05b0ee2c6db6d6d863f620fd68b3e786a809e6258dd23af3196c2584
                                                                                                • Opcode Fuzzy Hash: bd3e7f3be13c8efa89af1161100710e787a1f0427e653ec39ac36a9641d8977c
                                                                                                • Instruction Fuzzy Hash: 38119331208341AACB14FF60D896FBEB7E4EB95B51F4854ADF582560B2CF258A4AC712

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00BED501
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00BED50F
                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00BED52F
                                                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00BED5DC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                                                • String ID:
                                                                                                • API String ID: 3243318325-0
                                                                                                • Opcode ID: 457a7b32ce0e19f35f5c2985f8db60809e4a02e6b357de90bd1e9216bf05612b
                                                                                                • Instruction ID: 27baf873f0893ba89e1071ffdbf0a48cab7d241bfcf73a7cf205d69a6bedb142
                                                                                                • Opcode Fuzzy Hash: 457a7b32ce0e19f35f5c2985f8db60809e4a02e6b357de90bd1e9216bf05612b
                                                                                                • Instruction Fuzzy Hash: 6B31BF31008340AFD300EF54C885BBFBBF8EF99354F5409ADF581821A1EBB19A48CB92
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(?,00BC5222), ref: 00BEDBCE
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00BEDBDD
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00BEDBEE
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BEDBFA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                • String ID:
                                                                                                • API String ID: 2695905019-0
                                                                                                • Opcode ID: 34e4aeeff8fb2ff5d4bb88c28434382371942c88ffa21bd9ca75c2d695efaf12
                                                                                                • Instruction ID: c088812154a859821568f0a470af6000cefc1396cdbe16b028e654ea80647200
                                                                                                • Opcode Fuzzy Hash: 34e4aeeff8fb2ff5d4bb88c28434382371942c88ffa21bd9ca75c2d695efaf12
                                                                                                • Instruction Fuzzy Hash: 25F0A7304505105783206B789C4D6AE37ACEE02374B208B42F436C11F0EBF099548596
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(00BB28E9,?,00BA4CBE,00BB28E9,00C488B8,0000000C,00BA4E15,00BB28E9,00000002,00000000,?,00BB28E9), ref: 00BA4D09
                                                                                                • TerminateProcess.KERNEL32(00000000,?,00BA4CBE,00BB28E9,00C488B8,0000000C,00BA4E15,00BB28E9,00000002,00000000,?,00BB28E9), ref: 00BA4D10
                                                                                                • ExitProcess.KERNEL32 ref: 00BA4D22
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 1703294689-0
                                                                                                APIs
                                                                                                • GetInputState.USER32 ref: 00B8D807
                                                                                                • timeGetTime.WINMM ref: 00B8DA07
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B8DB28
                                                                                                • TranslateMessage.USER32(?), ref: 00B8DB7B
                                                                                                • DispatchMessageW.USER32(?), ref: 00B8DB89
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B8DB9F
                                                                                                • Sleep.KERNEL32(0000000A), ref: 00B8DBB1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                • String ID:
                                                                                                • API String ID: 2189390790-0

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00B82D07
                                                                                                • RegisterClassExW.USER32(00000030), ref: 00B82D31
                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B82D42
                                                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00B82D5F
                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B82D6F
                                                                                                • LoadIconW.USER32(000000A9), ref: 00B82D85
                                                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B82D94
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                • API String ID: 2914291525-1005189915

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 00BC039A: CreateFileW.KERNEL32(00000000,00000000,?,00BC0704,?,?,00000000,?,00BC0704,00000000,0000000C), ref: 00BC03B7
                                                                                                • GetLastError.KERNEL32 ref: 00BC076F
                                                                                                • __dosmaperr.LIBCMT ref: 00BC0776
                                                                                                • GetFileType.KERNEL32(00000000), ref: 00BC0782
                                                                                                • GetLastError.KERNEL32 ref: 00BC078C
                                                                                                • __dosmaperr.LIBCMT ref: 00BC0795
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00BC07B5
                                                                                                • CloseHandle.KERNEL32(?), ref: 00BC08FF
                                                                                                • GetLastError.KERNEL32 ref: 00BC0931
                                                                                                • __dosmaperr.LIBCMT ref: 00BC0938
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                • String ID: H
                                                                                                • API String ID: 4237864984-2852464175

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 00B83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00C51418,?,00B82E7F,?,?,?,00000000), ref: 00B83A78
                                                                                                  • Part of subcall function 00B83357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00B83379
                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00B8356A
                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00BC318D
                                                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00BC31CE
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00BC3210
                                                                                                • _wcslen.LIBCMT ref: 00BC3277
                                                                                                • _wcslen.LIBCMT ref: 00BC3286
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                • API String ID: 98802146-2727554177

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00B82B8E
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00B82B9D
                                                                                                • LoadIconW.USER32(00000063), ref: 00B82BB3
                                                                                                • LoadIconW.USER32(000000A4), ref: 00B82BC5
                                                                                                • LoadIconW.USER32(000000A2), ref: 00B82BD7
                                                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00B82BEF
                                                                                                • RegisterClassExW.USER32(?), ref: 00B82C40
                                                                                                  • Part of subcall function 00B82CD4: GetSysColorBrush.USER32(0000000F), ref: 00B82D07
                                                                                                  • Part of subcall function 00B82CD4: RegisterClassExW.USER32(00000030), ref: 00B82D31
                                                                                                  • Part of subcall function 00B82CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B82D42
                                                                                                  • Part of subcall function 00B82CD4: InitCommonControlsEx.COMCTL32(?), ref: 00B82D5F
                                                                                                  • Part of subcall function 00B82CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B82D6F
                                                                                                  • Part of subcall function 00B82CD4: LoadIconW.USER32(000000A9), ref: 00B82D85
                                                                                                  • Part of subcall function 00B82CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B82D94
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                • String ID: #$0$AutoIt v3
                                                                                                • API String ID: 423443420-4155596026

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00B8316A,?,?), ref: 00B831D8
                                                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,00B8316A,?,?), ref: 00B83204
                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00B83227
                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00B8316A,?,?), ref: 00B83232
                                                                                                • CreatePopupMenu.USER32 ref: 00B83246
                                                                                                • PostQuitMessage.USER32(00000000), ref: 00B83267
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                • String ID: TaskbarCreated
                                                                                                • API String ID: 129472671-2362178303

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00B81459
                                                                                                • OleUninitialize.OLE32(?,00000000), ref: 00B814F8
                                                                                                • UnregisterHotKey.USER32(?), ref: 00B816DD
                                                                                                • DestroyWindow.USER32(?), ref: 00BC24B9
                                                                                                • FreeLibrary.KERNEL32(?), ref: 00BC251E
                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00BC254B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                • String ID: close all
                                                                                                • API String ID: 469580280-3243417748

                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00B82C91
                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00B82CB2
                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00B81CAD,?), ref: 00B82CC6
                                                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00B81CAD,?), ref: 00B82CCF
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$CreateShow
                                                                                                • String ID: AutoIt v3$edit
                                                                                                • API String ID: 1584632944-3779509399

                                                                                                APIs
                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00C0AEA3
                                                                                                  • Part of subcall function 00B87620: _wcslen.LIBCMT ref: 00B87625
                                                                                                • GetProcessId.KERNEL32(00000000), ref: 00C0AF38
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C0AF67
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                • String ID: <$@
                                                                                                • API String ID: 146682121-1426351568

                                                                                                APIs
                                                                                                  • Part of subcall function 00B81BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00B81BF4
                                                                                                  • Part of subcall function 00B81BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00B81BFC
                                                                                                  • Part of subcall function 00B81BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00B81C07
                                                                                                  • Part of subcall function 00B81BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00B81C12
                                                                                                  • Part of subcall function 00B81BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00B81C1A
                                                                                                  • Part of subcall function 00B81BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00B81C22
                                                                                                  • Part of subcall function 00B81B4A: RegisterWindowMessageW.USER32(00000004,?,00B812C4), ref: 00B81BA2
                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00B8136A
                                                                                                • OleInitialize.OLE32 ref: 00B81388
                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00BC24AB
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                • String ID: P?$`a
                                                                                                • API String ID: 1986988660-3550239740

                                                                                                APIs
                                                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00B83B0F,SwapMouseButtons,00000004,?), ref: 00B83B40
                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00B83B0F,SwapMouseButtons,00000004,?), ref: 00B83B61
                                                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00B83B0F,SwapMouseButtons,00000004,?), ref: 00B83B83
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID: Control Panel\Mouse
                                                                                                • API String ID: 3677997916-824357125
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00BC33A2
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00B83A04
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                • String ID: Line:
                                                                                                • API String ID: 2289894680-1585850449
                                                                                                APIs
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00BA0668
                                                                                                  • Part of subcall function 00BA32A4: RaiseException.KERNEL32(?,?,?,00BA068A,?,00C51444,?,?,?,?,?,?,00BA068A,00B81129,00C48738,00B81129), ref: 00BA3304
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00BA0685
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                • String ID: Unknown exception
                                                                                                • API String ID: 3476068407-410509341
                                                                                                APIs
                                                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00BB85CC,?,00C48CC8,0000000C), ref: 00BB8704
                                                                                                • GetLastError.KERNEL32(?,00BB85CC,?,00C48CC8,0000000C), ref: 00BB870E
                                                                                                • __dosmaperr.LIBCMT ref: 00BB8739
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                • String ID:
                                                                                                • API String ID: 490808831-0
                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 00B917F6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Init_thread_footer
                                                                                                • String ID: CALL
                                                                                                • API String ID: 1385522511-4196123274
                                                                                                APIs
                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00BC2C8C
                                                                                                  • Part of subcall function 00B83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B83A97,?,?,00B82E7F,?,?,?,00000000), ref: 00B83AC2
                                                                                                  • Part of subcall function 00B82DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00B82DC4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                • String ID: X
                                                                                                • API String ID: 779396738-3081909835
                                                                                                APIs
                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00B83908
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_
                                                                                                • String ID:
                                                                                                • API String ID: 1144537725-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B84E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B84EDD,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84E9C
                                                                                                  • Part of subcall function 00B84E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00B84EAE
                                                                                                  • Part of subcall function 00B84E90: FreeLibrary.KERNEL32(00000000,?,?,00B84EDD,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84EC0
                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84EFD
                                                                                                  • Part of subcall function 00B84E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BC3CDE,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84E62
                                                                                                  • Part of subcall function 00B84E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00B84E74
                                                                                                  • Part of subcall function 00B84E59: FreeLibrary.KERNEL32(00000000,?,?,00BC3CDE,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84E87
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$Load$AddressFreeProc
                                                                                                • String ID:
                                                                                                • API String ID: 2632591731-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __wsopen_s
                                                                                                • String ID:
                                                                                                • API String ID: 3347428461-0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00C51444,?,00B9FDF5,?,?,00B8A976,00000010,00C51440,00B813FC,?,00B813C6,?,00B81129), ref: 00BB3852
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                APIs
                                                                                                • FreeLibrary.KERNEL32(?,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84F6D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeLibrary
                                                                                                • String ID:
                                                                                                • API String ID: 3664257935-0
                                                                                                APIs
                                                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00B8314E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_
                                                                                                • String ID:
                                                                                                • API String ID: 1144537725-0
                                                                                                APIs
                                                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00B82DC4
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: LongNamePath_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 541455249-0
                                                                                                • Opcode ID: 21ae686b76b7f86527678ec64b63f5f748e8b943a9c2419a0aec8d639a539dc7
                                                                                                • Instruction ID: d88604577d1257d3624fb72d6ba8109d6fef6ce4a9f0fa5ad3f84aff919b1ae4
                                                                                                • Opcode Fuzzy Hash: 21ae686b76b7f86527678ec64b63f5f748e8b943a9c2419a0aec8d639a539dc7
                                                                                                • Instruction Fuzzy Hash: 14E0CD726002245BC710A2589C06FDA77DDDFC9790F0440B5FD09E7258D970ED80C650
                                                                                                APIs
                                                                                                  • Part of subcall function 00B83837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00B83908
                                                                                                  • Part of subcall function 00B8D730: GetInputState.USER32 ref: 00B8D807
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B82B6B
                                                                                                  • Part of subcall function 00B830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00B8314E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                • String ID:
                                                                                                • API String ID: 3667716007-0
                                                                                                • Opcode ID: 95775688e75079fcca995c8dc0977b1db606033699b569d397628836dd7f563d
                                                                                                • Instruction ID: f800db3fa7c62a3d6e4b8448957b1973b84a89fa8c2deb7e9673b68e347d168b
                                                                                                • Opcode Fuzzy Hash: 95775688e75079fcca995c8dc0977b1db606033699b569d397628836dd7f563d
                                                                                                • Instruction Fuzzy Hash: 80E0262130024406CA04BB30A856BBDA3C99BD1B52F4415BEF542431B2CF208989C312
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00BC0704,?,?,00000000,?,00BC0704,00000000,0000000C), ref: 00BC03B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: 443f7561276f27181b4a65265524ae48e575d748346bb699eedde576f3e9719d
                                                                                                • Instruction ID: 096e4efbbfdccd5e0815386644055a7efba8ecfd2815d344b3799cb89e9e51fc
                                                                                                • Opcode Fuzzy Hash: 443f7561276f27181b4a65265524ae48e575d748346bb699eedde576f3e9719d
                                                                                                • Instruction Fuzzy Hash: 9CD06C3208010DBBDF028F84DD46EDE3BAAFB48714F118000BE1856020C732E821AB90
                                                                                                APIs
                                                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00B81CBC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: InfoParametersSystem
                                                                                                • String ID:
                                                                                                • API String ID: 3098949447-0
                                                                                                • Opcode ID: 61b4eed9f830b899fe21cc3cd045aca0256c513e8e2aa4bf11bfd4c8a698f584
                                                                                                • Instruction ID: f49462518764e73b901dcedfa509f749c52e964eb945d974d7bef55f5bd8c237
                                                                                                • Opcode Fuzzy Hash: 61b4eed9f830b899fe21cc3cd045aca0256c513e8e2aa4bf11bfd4c8a698f584
                                                                                                • Instruction Fuzzy Hash: 5CC09B392C03049FF2154B80BC5EF587755B349B01F448401F609755F3D3A11450F650
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00C1961A
                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C1965B
                                                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00C1969F
                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C196C9
                                                                                                • SendMessageW.USER32 ref: 00C196F2
                                                                                                • GetKeyState.USER32(00000011), ref: 00C1978B
                                                                                                • GetKeyState.USER32(00000009), ref: 00C19798
                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C197AE
                                                                                                • GetKeyState.USER32(00000010), ref: 00C197B8
                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C197E9
                                                                                                • SendMessageW.USER32 ref: 00C19810
                                                                                                • SendMessageW.USER32(?,00001030,?,00C17E95), ref: 00C19918
                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00C1992E
                                                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00C19941
                                                                                                • SetCapture.USER32(?), ref: 00C1994A
                                                                                                • ClientToScreen.USER32(?,?), ref: 00C199AF
                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00C199BC
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00C199D6
                                                                                                • ReleaseCapture.USER32 ref: 00C199E1
                                                                                                • GetCursorPos.USER32(?), ref: 00C19A19
                                                                                                • ScreenToClient.USER32(?,?), ref: 00C19A26
                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00C19A80
                                                                                                • SendMessageW.USER32 ref: 00C19AAE
                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00C19AEB
                                                                                                • SendMessageW.USER32 ref: 00C19B1A
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00C19B3B
                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00C19B4A
                                                                                                • GetCursorPos.USER32(?), ref: 00C19B68
                                                                                                • ScreenToClient.USER32(?,?), ref: 00C19B75
                                                                                                • GetParent.USER32(?), ref: 00C19B93
                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00C19BFA
                                                                                                • SendMessageW.USER32 ref: 00C19C2B
                                                                                                • ClientToScreen.USER32(?,?), ref: 00C19C84
                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00C19CB4
                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00C19CDE
                                                                                                • SendMessageW.USER32 ref: 00C19D01
                                                                                                • ClientToScreen.USER32(?,?), ref: 00C19D4E
                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00C19D82
                                                                                                  • Part of subcall function 00B99944: GetWindowLongW.USER32(?,000000EB), ref: 00B99952
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C19E05
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                • String ID: @GUI_DRAGID$F$Hf
                                                                                                • API String ID: 3429851547-462346700
                                                                                                • Opcode ID: f18c62141e0357ef58939ba7c2102c7c43f281ff034f2feb6a999e1f4ae9f88b
                                                                                                • Instruction ID: d49826eccd40bead4580dfa4a6396d3a003e6db1a2494d96feb111e202a3ffcb
                                                                                                • Opcode Fuzzy Hash: f18c62141e0357ef58939ba7c2102c7c43f281ff034f2feb6a999e1f4ae9f88b
                                                                                                • Instruction Fuzzy Hash: 29428E74204601EFDB24CF24CC94BEABBF5FF8A310F144629F9A9972A1D7319990EB51
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00C148F3
                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00C14908
                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00C14927
                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00C1494B
                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00C1495C
                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00C1497B
                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00C149AE
                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00C149D4
                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00C14A0F
                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00C14A56
                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00C14A7E
                                                                                                • IsMenu.USER32(?), ref: 00C14A97
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C14AF2
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C14B20
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C14B94
                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00C14BE3
                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00C14C82
                                                                                                • wsprintfW.USER32 ref: 00C14CAE
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C14CC9
                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00C14CF1
                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00C14D13
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C14D33
                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00C14D5A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                • String ID: %d/%02d/%02d$Hf
                                                                                                • API String ID: 4054740463-2945116323
                                                                                                • Opcode ID: 16a935e1107af212e212b18c0b69964d915b36553d4d7ced6fabbd1049d52834
                                                                                                • Instruction ID: eb749a9980ad56d9a601465e9ef56fba30b4284f7e6f881039225295dcb334e9
                                                                                                • Opcode Fuzzy Hash: 16a935e1107af212e212b18c0b69964d915b36553d4d7ced6fabbd1049d52834
                                                                                                • Instruction Fuzzy Hash: 9712FE71600204ABEB289F68CC49FEE7BF8FF46310F104169F525EA2E1DB749A81DB50
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00B9F998
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BDF474
                                                                                                • IsIconic.USER32(00000000), ref: 00BDF47D
                                                                                                • ShowWindow.USER32(00000000,00000009), ref: 00BDF48A
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00BDF494
                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00BDF4AA
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BDF4B1
                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00BDF4BD
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00BDF4CE
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 00BDF4D6
                                                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00BDF4DE
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00BDF4E1
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BDF4F6
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00BDF501
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BDF50B
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00BDF510
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BDF519
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00BDF51E
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BDF528
                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00BDF52D
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00BDF530
                                                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00BDF557
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 4125248594-2988720461
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BE170D
                                                                                                  • Part of subcall function 00BE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BE173A
                                                                                                  • Part of subcall function 00BE16C3: GetLastError.KERNEL32 ref: 00BE174A
                                                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00BE1286
                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00BE12A8
                                                                                                • CloseHandle.KERNEL32(?), ref: 00BE12B9
                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00BE12D1
                                                                                                • GetProcessWindowStation.USER32 ref: 00BE12EA
                                                                                                • SetProcessWindowStation.USER32(00000000), ref: 00BE12F4
                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00BE1310
                                                                                                  • Part of subcall function 00BE10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00BE11FC), ref: 00BE10D4
                                                                                                  • Part of subcall function 00BE10BF: CloseHandle.KERNEL32(?,?,00BE11FC), ref: 00BE10E9
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                • String ID: $default$winsta0
                                                                                                • API String ID: 22674027-1027155976
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BE1114
                                                                                                  • Part of subcall function 00BE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE1120
                                                                                                  • Part of subcall function 00BE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE112F
                                                                                                  • Part of subcall function 00BE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE1136
                                                                                                  • Part of subcall function 00BE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BE114D
                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00BE0BCC
                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00BE0C00
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00BE0C17
                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00BE0C51
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00BE0C6D
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00BE0C84
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00BE0C8C
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00BE0C93
                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00BE0CB4
                                                                                                • CopySid.ADVAPI32(00000000), ref: 00BE0CBB
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00BE0CEA
                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00BE0D0C
                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00BE0D1E
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BE0D45
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0D4C
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BE0D55
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0D5C
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BE0D65
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0D6C
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00BE0D78
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0D7F
                                                                                                  • Part of subcall function 00BE1193: GetProcessHeap.KERNEL32(00000008,00BE0BB1,?,00000000,?,00BE0BB1,?), ref: 00BE11A1
                                                                                                  • Part of subcall function 00BE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00BE0BB1,?), ref: 00BE11A8
                                                                                                  • Part of subcall function 00BE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00BE0BB1,?), ref: 00BE11B7
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                • String ID:
                                                                                                • API String ID: 4175595110-0
                                                                                                APIs
                                                                                                • OpenClipboard.USER32(00C1CC08), ref: 00BFEB29
                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 00BFEB37
                                                                                                • GetClipboardData.USER32(0000000D), ref: 00BFEB43
                                                                                                • CloseClipboard.USER32 ref: 00BFEB4F
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00BFEB87
                                                                                                • CloseClipboard.USER32 ref: 00BFEB91
                                                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00BFEBBC
                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 00BFEBC9
                                                                                                • GetClipboardData.USER32(00000001), ref: 00BFEBD1
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00BFEBE2
                                                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 00BFEC22
                                                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 00BFEC38
                                                                                                • GetClipboardData.USER32(0000000F), ref: 00BFEC44
                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00BFEC55
                                                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00BFEC77
                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00BFEC94
                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00BFECD2
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 00BFECF3
                                                                                                • CountClipboardFormats.USER32 ref: 00BFED14
                                                                                                • CloseClipboard.USER32 ref: 00BFED59
                                                                                                Similarity
                                                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                • String ID:
                                                                                                • API String ID: 420908878-0
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00BF69BE
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF6A12
                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BF6A4E
                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BF6A75
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BF6AB2
                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BF6ADF
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                • API String ID: 3830820486-3289030164
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00BF9663
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00BF96A1
                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00BF96BB
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00BF96D3
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF96DE
                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00BF96FA
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF974A
                                                                                                • SetCurrentDirectoryW.KERNEL32(00C46B7C), ref: 00BF9768
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BF9772
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF977F
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF978F
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1409584000-438819550
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00BF97BE
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00BF9819
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF9824
                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00BF9840
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF9890
                                                                                                • SetCurrentDirectoryW.KERNEL32(00C46B7C), ref: 00BF98AE
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BF98B8
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF98C5
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF98D5
                                                                                                  • Part of subcall function 00BEDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00BEDB00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                • String ID: *.*
                                                                                                • API String ID: 2640511053-438819550
                                                                                                APIs
                                                                                                  • Part of subcall function 00C0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C0B6AE,?,?), ref: 00C0C9B5
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0C9F1
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA68
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C0BF3E
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00C0BFA9
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C0BFCD
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00C0C02C
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00C0C0E7
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C0C154
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C0C1E9
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00C0C23A
                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C0C2E3
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C0C382
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C0C38F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                • String ID:
                                                                                                • API String ID: 3102970594-0
                                                                                                APIs
                                                                                                • GetLocalTime.KERNEL32(?), ref: 00BF8257
                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BF8267
                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00BF8273
                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BF8310
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF8324
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF8356
                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00BF838C
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF8395
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1464919966-438819550
                                                                                                APIs
                                                                                                  • Part of subcall function 00B83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B83A97,?,?,00B82E7F,?,?,?,00000000), ref: 00B83AC2
                                                                                                  • Part of subcall function 00BEE199: GetFileAttributesW.KERNEL32(?,00BECF95), ref: 00BEE19A
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00BED122
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00BED1DD
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00BED1F0
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00BED20D
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BED237
                                                                                                  • Part of subcall function 00BED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00BED21C,?,?), ref: 00BED2B2
                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 00BED253
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BED264
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 1946585618-1173974218
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                • String ID:
                                                                                                • API String ID: 1737998785-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BE170D
                                                                                                  • Part of subcall function 00BE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BE173A
                                                                                                  • Part of subcall function 00BE16C3: GetLastError.KERNEL32 ref: 00BE174A
                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00BEE932
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                                                • API String ID: 2234035333-3163812486
                                                                                                APIs
                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00C01276
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C01283
                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00C012BA
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C012C5
                                                                                                • closesocket.WSOCK32(00000000), ref: 00C012F4
                                                                                                • listen.WSOCK32(00000000,00000005), ref: 00C01303
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C0130D
                                                                                                • closesocket.WSOCK32(00000000), ref: 00C0133C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                • String ID:
                                                                                                • API String ID: 540024437-0
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00BBB9D4
                                                                                                • _free.LIBCMT ref: 00BBB9F8
                                                                                                • _free.LIBCMT ref: 00BBBB7F
                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C23700), ref: 00BBBB91
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00C5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00BBBC09
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00C51270,000000FF,?,0000003F,00000000,?), ref: 00BBBC36
                                                                                                • _free.LIBCMT ref: 00BBBD4B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                • String ID:
                                                                                                • API String ID: 314583886-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B83A97,?,?,00B82E7F,?,?,?,00000000), ref: 00B83AC2
                                                                                                  • Part of subcall function 00BEE199: GetFileAttributesW.KERNEL32(?,00BECF95), ref: 00BEE19A
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00BED420
                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00BED470
                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BED481
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BED498
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BED4A1
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 2649000838-1173974218
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: __floor_pentium4
                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                • API String ID: 4168288129-2761157908
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 00BF64DC
                                                                                                • CoInitialize.OLE32(00000000), ref: 00BF6639
                                                                                                • CoCreateInstance.OLE32(00C1FCF8,00000000,00000001,00C1FB68,?), ref: 00BF6650
                                                                                                • CoUninitialize.OLE32 ref: 00BF68D4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                • String ID: .lnk
                                                                                                • API String ID: 886957087-24824748
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 00C022E8
                                                                                                  • Part of subcall function 00BFE4EC: GetWindowRect.USER32(?,?), ref: 00BFE504
                                                                                                • GetDesktopWindow.USER32 ref: 00C02312
                                                                                                • GetWindowRect.USER32(00000000), ref: 00C02319
                                                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00C02355
                                                                                                • GetCursorPos.USER32(?), ref: 00C02381
                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00C023DF
                                                                                                Similarity
                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                • String ID:
                                                                                                • API String ID: 2387181109-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00BF9B78
                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00BF9C8B
                                                                                                  • Part of subcall function 00BF3874: GetInputState.USER32 ref: 00BF38CB
                                                                                                  • Part of subcall function 00BF3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BF3966
                                                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00BF9BA8
                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00BF9C75
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                • String ID: *.*
                                                                                                • API String ID: 1972594611-438819550
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00B99A4E
                                                                                                • GetSysColor.USER32(0000000F), ref: 00B99B23
                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00B99B36
                                                                                                Similarity
                                                                                                • API ID: Color$LongProcWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3131106179-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00C0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C0307A
                                                                                                  • Part of subcall function 00C0304E: _wcslen.LIBCMT ref: 00C0309B
                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00C0185D
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C01884
                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00C018DB
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C018E6
                                                                                                • closesocket.WSOCK32(00000000), ref: 00C01915
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                • String ID:
                                                                                                • API String ID: 1601658205-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                • String ID:
                                                                                                • API String ID: 292994002-0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                • API String ID: 0-1546025612
                                                                                                • Opcode ID: aefe14524640d84fb85b88c45115387232191ced3d0e63fbf90e97369a78d3a7
                                                                                                • Instruction ID: 95d1ee212cba968849409f860721f6fd08d26a8f4c4e622de8118a6c4aa7d2bc
                                                                                                • Opcode Fuzzy Hash: aefe14524640d84fb85b88c45115387232191ced3d0e63fbf90e97369a78d3a7
                                                                                                • Instruction Fuzzy Hash: 1BA25E75A0061ACBDF24DF58C980BAEB7F1FF54310F6481E9E815AB295EB709D81CB50
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00BEAAAC
                                                                                                • SetKeyboardState.USER32(00000080), ref: 00BEAAC8
                                                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00BEAB36
                                                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00BEAB88
                                                                                                Similarity
                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                • String ID:
                                                                                                • API String ID: 432972143-0
                                                                                                • Opcode ID: 5501207adfe6034342369f9b0e8046fddccfc1dcafd0ffc7cefb33de07c698d4
                                                                                                • Instruction ID: 092a26bf88fbeb1b1db1e981bde493c3460d63512aa4d5d5f33020aaa10aad47
                                                                                                • Opcode Fuzzy Hash: 5501207adfe6034342369f9b0e8046fddccfc1dcafd0ffc7cefb33de07c698d4
                                                                                                • Instruction Fuzzy Hash: AA312670A80288AEFB309A76CC45BFA7BEEEF55310F04429AF181961D0D374A985C762
                                                                                                APIs
                                                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 00BFCE89
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00BFCEEA
                                                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 00BFCEFE
                                                                                                Similarity
                                                                                                • API ID: ErrorEventFileInternetLastRead
                                                                                                • String ID:
                                                                                                • API String ID: 234945975-0
                                                                                                • Opcode ID: c7d66af8cb0c1f96a2418b5bca2bbaf7e8941c3136bf5b6255b6657d8e2095fc
                                                                                                • Instruction ID: 1d55e09ad1969626f97b752723adbd3c7dd6c196d1039a42ce46cc8895676a18
                                                                                                • Opcode Fuzzy Hash: c7d66af8cb0c1f96a2418b5bca2bbaf7e8941c3136bf5b6255b6657d8e2095fc
                                                                                                • Instruction Fuzzy Hash: 9D21BD7154030D9BDB20CF65CA88BBABBF8EF51314F10849EE656D3151E770EE888B60
                                                                                                APIs
                                                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00BE82AA
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: lstrlen
                                                                                                • String ID: ($|
                                                                                                • API String ID: 1659193697-1631851259
                                                                                                • Opcode ID: 3e91b5db775f2060e3d444f44e1b4837c97a4a4dde5df200217da3a200514ce4
                                                                                                • Instruction ID: 16a493b3167530656e2d77b256a86fb0d6955a315c4c7abdd47685cc82adca75
                                                                                                • Opcode Fuzzy Hash: 3e91b5db775f2060e3d444f44e1b4837c97a4a4dde5df200217da3a200514ce4
                                                                                                • Instruction Fuzzy Hash: EC323774A00B459FCB28CF59C481A6AB7F1FF48710B15C5AEE49ADB3A1EB70E941CB44
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00BF5CC1
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00BF5D17
                                                                                                • FindClose.KERNEL32(?), ref: 00BF5D5F
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                • String ID:
                                                                                                • API String ID: 3541575487-0
                                                                                                • Opcode ID: 296a877ec90394f34b0aed02ab594e03aea6642e7c26b88397513944e67d1df1
                                                                                                • Instruction ID: 6f9aeb98655feca425673309272dc46f1049c1e67df06b09fea2bc6a070d8f1c
                                                                                                • Opcode Fuzzy Hash: 296a877ec90394f34b0aed02ab594e03aea6642e7c26b88397513944e67d1df1
                                                                                                • Instruction Fuzzy Hash: A9519C746046059FC724DF28C494EAAB7E4FF4A314F1485ADEA5A8B3A1CB30ED48CB91
                                                                                                APIs
                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00BB271A
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BB2724
                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00BB2731
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                • String ID:
                                                                                                • API String ID: 3906539128-0
                                                                                                • Opcode ID: 391c102fa191dfa960dea1039a5c15029152e141b6f73856aee4771d9821a4ff
                                                                                                • Instruction ID: a326fe6c95f721a9b74107af60a1c4d510a9924ebccca774db4a1a36a1890c9c
                                                                                                • Opcode Fuzzy Hash: 391c102fa191dfa960dea1039a5c15029152e141b6f73856aee4771d9821a4ff
                                                                                                • Instruction Fuzzy Hash: 8531C274951218ABCB21DF68DC887DCBBF8BF09310F5041EAE81CA6260EB709F818F44
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00BF51DA
                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00BF5238
                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00BF52A1
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                • String ID:
                                                                                                • API String ID: 1682464887-0
                                                                                                • Opcode ID: 815544b4c494df49075a5c7b7d893b2d87d0e9f025aa05bde0accaa672a7095b
                                                                                                • Instruction ID: b1b6180cf2bc9dd203d6e7b43dae12cfc9f9d62436d5d1888e546bf0692a6f07
                                                                                                • Opcode Fuzzy Hash: 815544b4c494df49075a5c7b7d893b2d87d0e9f025aa05bde0accaa672a7095b
                                                                                                • Instruction Fuzzy Hash: FF312B75A005189FDB00DF54D884FADBBF4FF49318F198099E905AB362DB31E859CBA0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00BA0668
                                                                                                  • Part of subcall function 00B9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00BA0685
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BE170D
                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BE173A
                                                                                                • GetLastError.KERNEL32 ref: 00BE174A
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                • String ID:
                                                                                                • API String ID: 577356006-0
                                                                                                • Opcode ID: 01651549599e4c29cfef2b20b8f190bea1924d54161b2cec3d09b475dc891ed9
                                                                                                • Instruction ID: dadd36fcd84a7e29976c9852285224db94c134dfe5d23286d4e6cdd5ae6fbc52
                                                                                                • Opcode Fuzzy Hash: 01651549599e4c29cfef2b20b8f190bea1924d54161b2cec3d09b475dc891ed9
                                                                                                • Instruction Fuzzy Hash: 5D11BFB2410205AFD7189F54DCC6EAAB7F9FF04724B20C56EF05696241EB70BC418A20
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BED608
                                                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00BED645
                                                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BED650
                                                                                                Similarity
                                                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                                                • String ID:
                                                                                                • API String ID: 33631002-0
                                                                                                • Opcode ID: a856b85e61668950adb38e0018b5f686e1938c8165b08be04eafd4e989e50f4f
                                                                                                • Instruction ID: 6f96a9acc978d13c578f7780478ef4d76500a6be7241d8691f182be073c1d2ab
                                                                                                • Opcode Fuzzy Hash: a856b85e61668950adb38e0018b5f686e1938c8165b08be04eafd4e989e50f4f
                                                                                                • Instruction Fuzzy Hash: EB117C71E41228BFDB108F959C84FEFBBBCEB46B60F108151F914E7290C2B04A018BA1
                                                                                                APIs
                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00BE168C
                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00BE16A1
                                                                                                • FreeSid.ADVAPI32(?), ref: 00BE16B1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Similarity
                                                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                • String ID:
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: /
                                                                                                APIs
                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00BDD28C
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: NameUser
                                                                                                • String ID: X64
                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00BF6918
                                                                                                • FindClose.KERNEL32(00000000), ref: 00BF6961
                                                                                                Similarity
                                                                                                • API ID: Find$CloseFileFirst
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00C04891,?,?,00000035,?), ref: 00BF37E4
                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00C04891,?,?,00000035,?), ref: 00BF37F4
                                                                                                Similarity
                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00BEB25D
                                                                                                • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00BEB270
                                                                                                Similarity
                                                                                                • API ID: InputSendkeybd_event
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00BE11FC), ref: 00BE10D4
                                                                                                • CloseHandle.KERNEL32(?,?,00BE11FC), ref: 00BE10E9
                                                                                                Similarity
                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                • String ID:
                                                                                                Strings
                                                                                                • Variable is not of type 'Object'., xrefs: 00BD0C40
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Variable is not of type 'Object'.
                                                                                                APIs
                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00BB6766,?,?,00000008,?,?,00BBFEFE,00000000), ref: 00BB6998
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID:
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                APIs
                                                                                                • BlockInput.USER32(00000001), ref: 00BFEABD
                                                                                                Similarity
                                                                                                • API ID: BlockInput
                                                                                                • String ID:
                                                                                                • API String ID: 3456056419-0
                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00BA03EE), ref: 00BA09DA
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID:
                                                                                                • API String ID: 3192549508-0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0
                                                                                                • API String ID: 0-4108050209
                                                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                • Instruction ID: 64e811724624c58afc89cb24acbab045782328afe114c0f2ee75b9c9c1849f24
                                                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                • Instruction Fuzzy Hash: 745166726CC6056BDB38852A8C9EBBF23C9DB03300F1805DAD886D7682CE19DE05D356
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3db04199a3291d9b60724f343021424fde4cc3e7c2a9529f9d6c3d2d4c0a9e17
                                                                                                • Instruction ID: c08f130e9c8385c1aa9eb300c6d1010242c25e2f78cac59838a7ac1277aa0f56
                                                                                                • Opcode Fuzzy Hash: 3db04199a3291d9b60724f343021424fde4cc3e7c2a9529f9d6c3d2d4c0a9e17
                                                                                                • Instruction Fuzzy Hash: 57320222D69F014ED7339634CC6233AA289AFB73C5F15D727E81AB5EA5EF69C4834100
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0c0958b82a5c7b82c7290a160cdc356fcf54c3c633b746c429b59a56ef470a4f
                                                                                                • Instruction ID: 4578bcad25cc64c71a85282d87ce079896e7195b3dd308e68587f26ace566543
                                                                                                • Opcode Fuzzy Hash: 0c0958b82a5c7b82c7290a160cdc356fcf54c3c633b746c429b59a56ef470a4f
                                                                                                • Instruction Fuzzy Hash: 9532CF31A4415A8BDF28CA68C4D467DFFF1EB45300F2885FBD45A9B396E630DD81DA81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b0353ad2dbd0e8a1486b18ea7d58597b0a4360187fde104951a7f88900bf8c56
                                                                                                • Instruction ID: 5433d005ef5f9e9de52312ae2d5dc11f762a5584aedf268d8435a2a73447be05
                                                                                                • Opcode Fuzzy Hash: b0353ad2dbd0e8a1486b18ea7d58597b0a4360187fde104951a7f88900bf8c56
                                                                                                • Instruction Fuzzy Hash: CC22A070A0460ADFDF14DF64C881BAEB7F6FF48304F2445A9E816A72A1EB35E951CB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6fb4162b2c816142c4d50b0dd15073abdb793cc1a9f4d946ef5574f8426d8ca4
                                                                                                • Instruction ID: b05991ca0a2bc27e639cefe7b96f8536364de1704e631f4d3358734bf791fd90
                                                                                                • Opcode Fuzzy Hash: 6fb4162b2c816142c4d50b0dd15073abdb793cc1a9f4d946ef5574f8426d8ca4
                                                                                                • Instruction Fuzzy Hash: BA0282B1A0020AEBDF04DF54D881BAEB7F1FF44310F1481A9E816DB291EB31EA51CB95
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 60a5fa8b8e4621c0862a03d59910f573071269a9a0af8ef2367af14c1c6bdde0
                                                                                                • Instruction ID: e67c834067017aa64660ade20fa49a90b276b1a100eaf8ed08957ea33b6f5a17
                                                                                                • Opcode Fuzzy Hash: 60a5fa8b8e4621c0862a03d59910f573071269a9a0af8ef2367af14c1c6bdde0
                                                                                                • Instruction Fuzzy Hash: 45B1E320D3AF814DD3239639887133AB69CAFBB6D5F91D71BFC1674D62EB2686834140
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                • Instruction ID: 482b641406d5308d813c21cac0dfb2ad8c214843d4c617f0e92e7c4cba6f3130
                                                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                • Instruction Fuzzy Hash: 4691557210D0A34ADBA9463E857403EFFE1DA533A1B1A0FEED4F2CA1C5FE248955D620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                • Instruction ID: 983ecd4cecc7d435e91fa51912ab714114fde25093f93879928929081ded4e6e
                                                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                • Instruction Fuzzy Hash: B291437260D0E34EDB69433D857403EFFE19A933A171A07DEE4F2DA1C5EE258954E620
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                APIs
                                                                                                • DeleteObject.GDI32(00000000), ref: 00C02B30
                                                                                                • DeleteObject.GDI32(00000000), ref: 00C02B43
                                                                                                • DestroyWindow.USER32 ref: 00C02B52
                                                                                                • GetDesktopWindow.USER32 ref: 00C02B6D
                                                                                                • GetWindowRect.USER32(00000000), ref: 00C02B74
                                                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00C02CA3
                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00C02CB1
                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02CF8
                                                                                                • GetClientRect.USER32(00000000,?), ref: 00C02D04
                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C02D40
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02D62
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02D75
                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02D80
                                                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02D89
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02D98
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02DA1
                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02DA8
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00C02DB3
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02DC5
                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00C1FC38,00000000), ref: 00C02DDB
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00C02DEB
                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00C02E11
                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00C02E30
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C02E52
                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C0303F
                                                                                                Similarity
                                                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                • API String ID: 2211948467-2373415609
                                                                                                APIs
                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00C1712F
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00C17160
                                                                                                • GetSysColor.USER32(0000000F), ref: 00C1716C
                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 00C17186
                                                                                                • SelectObject.GDI32(?,?), ref: 00C17195
                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00C171C0
                                                                                                • GetSysColor.USER32(00000010), ref: 00C171C8
                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 00C171CF
                                                                                                • FrameRect.USER32(?,?,00000000), ref: 00C171DE
                                                                                                • DeleteObject.GDI32(00000000), ref: 00C171E5
                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 00C17230
                                                                                                • FillRect.USER32(?,?,?), ref: 00C17262
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C17284
                                                                                                  • Part of subcall function 00C173E8: GetSysColor.USER32(00000012), ref: 00C17421
                                                                                                  • Part of subcall function 00C173E8: SetTextColor.GDI32(?,?), ref: 00C17425
                                                                                                  • Part of subcall function 00C173E8: GetSysColorBrush.USER32(0000000F), ref: 00C1743B
                                                                                                  • Part of subcall function 00C173E8: GetSysColor.USER32(0000000F), ref: 00C17446
                                                                                                  • Part of subcall function 00C173E8: GetSysColor.USER32(00000011), ref: 00C17463
                                                                                                  • Part of subcall function 00C173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C17471
                                                                                                  • Part of subcall function 00C173E8: SelectObject.GDI32(?,00000000), ref: 00C17482
                                                                                                  • Part of subcall function 00C173E8: SetBkColor.GDI32(?,00000000), ref: 00C1748B
                                                                                                  • Part of subcall function 00C173E8: SelectObject.GDI32(?,?), ref: 00C17498
                                                                                                  • Part of subcall function 00C173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00C174B7
                                                                                                  • Part of subcall function 00C173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00C174CE
                                                                                                  • Part of subcall function 00C173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00C174DB
                                                                                                Similarity
                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                • String ID:
                                                                                                • API String ID: 4124339563-0
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(?,?), ref: 00B98E14
                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00BD6AC5
                                                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00BD6AFE
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00BD6F43
                                                                                                  • Part of subcall function 00B98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B98BE8,?,00000000,?,?,?,?,00B98BBA,00000000,?), ref: 00B98FC5
                                                                                                • SendMessageW.USER32(?,00001053), ref: 00BD6F7F
                                                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00BD6F96
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00BD6FAC
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00BD6FB7
                                                                                                Similarity
                                                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                • String ID: 0$Hf
                                                                                                • API String ID: 2760611726-2882497664
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(00000000), ref: 00C0273E
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C0286A
                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00C028A9
                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00C028B9
                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00C02900
                                                                                                • GetClientRect.USER32(00000000,?), ref: 00C0290C
                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00C02955
                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00C02964
                                                                                                • GetStockObject.GDI32(00000011), ref: 00C02974
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00C02978
                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00C02988
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C02991
                                                                                                • DeleteDC.GDI32(00000000), ref: 00C0299A
                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00C029C6
                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00C029DD
                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00C02A1D
                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00C02A31
                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00C02A42
                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00C02A77
                                                                                                • GetStockObject.GDI32(00000011), ref: 00C02A82
                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00C02A8D
                                                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00C02A97
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                • API String ID: 2910397461-517079104
                                                                                                • Opcode ID: 7ad7902b4dfb77b77220322b89367aa4f77bdc54cc0e370e0bdcd8c954161adf
                                                                                                • Instruction ID: 8c2ecdb7763736e7230348166859b59841c50b7fe44542e46e47b869cf6fca79
                                                                                                • Opcode Fuzzy Hash: 7ad7902b4dfb77b77220322b89367aa4f77bdc54cc0e370e0bdcd8c954161adf
                                                                                                • Instruction Fuzzy Hash: 0BB14A75A40215AFEB14DFA8CC89FAE7BA9FB09711F108154F915E72E0DB70AD40CBA0
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00BF4AED
                                                                                                • GetDriveTypeW.KERNEL32(?,00C1CB68,?,\\.\,00C1CC08), ref: 00BF4BCA
                                                                                                • SetErrorMode.KERNEL32(00000000,00C1CB68,?,\\.\,00C1CC08), ref: 00BF4D36
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$DriveType
                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                • API String ID: 2907320926-4222207086
                                                                                                • Opcode ID: 5adfe8f72192e12140af644f26c9667eb0a617dd1892ccf8e29eaf0eb0d92133
                                                                                                • Instruction ID: f9275ef8fa0fb58a17575ff7fafa14c1d5af53a6a69e14365ca67d216d3801c5
                                                                                                • Opcode Fuzzy Hash: 5adfe8f72192e12140af644f26c9667eb0a617dd1892ccf8e29eaf0eb0d92133
                                                                                                • Instruction Fuzzy Hash: 7361D330A4120D9BCB04DF24CAC19BE77F0FB46710B2490E5F906AB6A6CB31DD49DB52
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000012), ref: 00C17421
                                                                                                • SetTextColor.GDI32(?,?), ref: 00C17425
                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00C1743B
                                                                                                • GetSysColor.USER32(0000000F), ref: 00C17446
                                                                                                • CreateSolidBrush.GDI32(?), ref: 00C1744B
                                                                                                • GetSysColor.USER32(00000011), ref: 00C17463
                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C17471
                                                                                                • SelectObject.GDI32(?,00000000), ref: 00C17482
                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00C1748B
                                                                                                • SelectObject.GDI32(?,?), ref: 00C17498
                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00C174B7
                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00C174CE
                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00C174DB
                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C1752A
                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00C17554
                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00C17572
                                                                                                • DrawFocusRect.USER32(?,?), ref: 00C1757D
                                                                                                • GetSysColor.USER32(00000011), ref: 00C1758E
                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00C17596
                                                                                                • DrawTextW.USER32(?,00C170F5,000000FF,?,00000000), ref: 00C175A8
                                                                                                • SelectObject.GDI32(?,?), ref: 00C175BF
                                                                                                • DeleteObject.GDI32(?), ref: 00C175CA
                                                                                                • SelectObject.GDI32(?,?), ref: 00C175D0
                                                                                                • DeleteObject.GDI32(?), ref: 00C175D5
                                                                                                • SetTextColor.GDI32(?,?), ref: 00C175DB
                                                                                                • SetBkColor.GDI32(?,?), ref: 00C175E5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                • String ID:
                                                                                                • API String ID: 1996641542-0
                                                                                                • Opcode ID: 25b837be6acdc64ad1320a955fd4b06cf0a50ba657d7d4f8634dc771faab41dd
                                                                                                • Instruction ID: f1eb5be6f001d6a0454b3a0e43868a23e39a5e8df6ec03982cdb7f279872b1e3
                                                                                                • Opcode Fuzzy Hash: 25b837be6acdc64ad1320a955fd4b06cf0a50ba657d7d4f8634dc771faab41dd
                                                                                                • Instruction Fuzzy Hash: ED613071944218BFDB019FA4DC49BEE7B79FB0A320F218115F915A72A1D67499409F90
                                                                                                APIs
                                                                                                • GetCursorPos.USER32(?), ref: 00C11128
                                                                                                • GetDesktopWindow.USER32 ref: 00C1113D
                                                                                                • GetWindowRect.USER32(00000000), ref: 00C11144
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C11199
                                                                                                • DestroyWindow.USER32(?), ref: 00C111B9
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00C111ED
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C1120B
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C1121D
                                                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00C11232
                                                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00C11245
                                                                                                • IsWindowVisible.USER32(00000000), ref: 00C112A1
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00C112BC
                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00C112D0
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00C112E8
                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00C1130E
                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00C11328
                                                                                                • CopyRect.USER32(?,?), ref: 00C1133F
                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00C113AA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                • String ID: ($0$tooltips_class32
                                                                                                • API String ID: 698492251-4156429822
                                                                                                • Opcode ID: b5ddd59a34cf8b7d5f190707226152c02db6d08d22cbf6ede1a1521924fbe3b1
                                                                                                • Instruction ID: d7237ac5f042391db82f4ca0d6f22692bee15519aa494a4a76fd076081f9fb43
                                                                                                • Opcode Fuzzy Hash: b5ddd59a34cf8b7d5f190707226152c02db6d08d22cbf6ede1a1521924fbe3b1
                                                                                                • Instruction Fuzzy Hash: 71B1AF71604341AFD700DF64C884BAEBBE4FF8A350F04895CFA999B2A1C735E985DB91
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00C102E5
                                                                                                • _wcslen.LIBCMT ref: 00C1031F
                                                                                                • _wcslen.LIBCMT ref: 00C10389
                                                                                                • _wcslen.LIBCMT ref: 00C103F1
                                                                                                • _wcslen.LIBCMT ref: 00C10475
                                                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00C104C5
                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C10504
                                                                                                  • Part of subcall function 00B9F9F2: _wcslen.LIBCMT ref: 00B9F9FD
                                                                                                  • Part of subcall function 00BE223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00BE2258
                                                                                                  • Part of subcall function 00BE223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00BE228A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                • API String ID: 1103490817-719923060
                                                                                                • Opcode ID: 656233df36da65256d2c445aee6a412b5abab10badb248d28ec26a35bf76f5c9
                                                                                                • Instruction ID: fed4ad69472a072a8e8777ce55a9ff296f740090e3f88296fc6c682ba7ec7b2d
                                                                                                • Opcode Fuzzy Hash: 656233df36da65256d2c445aee6a412b5abab10badb248d28ec26a35bf76f5c9
                                                                                                • Instruction Fuzzy Hash: B2E1D5312182018FCB14DF24C4918BAB7E5BFD9714B6449ACF8A69B3A1DB70EEC5DB41
                                                                                                APIs
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B98968
                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00B98970
                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B9899B
                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00B989A3
                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00B989C8
                                                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00B989E5
                                                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00B989F5
                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00B98A28
                                                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00B98A3C
                                                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00B98A5A
                                                                                                • GetStockObject.GDI32(00000011), ref: 00B98A76
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00B98A81
                                                                                                  • Part of subcall function 00B9912D: GetCursorPos.USER32(?), ref: 00B99141
                                                                                                  • Part of subcall function 00B9912D: ScreenToClient.USER32(00000000,?), ref: 00B9915E
                                                                                                  • Part of subcall function 00B9912D: GetAsyncKeyState.USER32(00000001), ref: 00B99183
                                                                                                  • Part of subcall function 00B9912D: GetAsyncKeyState.USER32(00000002), ref: 00B9919D
                                                                                                • SetTimer.USER32(00000000,00000000,00000028,00B990FC), ref: 00B98AA8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                • String ID: AutoIt v3 GUI
                                                                                                • API String ID: 1458621304-248962490
                                                                                                • Opcode ID: 872de0109dff8be46bad91e592a7ea6175ccf2362b264fd19cc689ed52992683
                                                                                                • Instruction ID: 3fb60612825ba995cd0627e6f2860f85e2738952de7e72727385fa12bf1587d3
                                                                                                • Opcode Fuzzy Hash: 872de0109dff8be46bad91e592a7ea6175ccf2362b264fd19cc689ed52992683
                                                                                                • Instruction Fuzzy Hash: CFB16B75A402099FDF14DFA8C889BEE7BF5FB49315F14826AFA15A7290DB34A840CB50
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BE1114
                                                                                                  • Part of subcall function 00BE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE1120
                                                                                                  • Part of subcall function 00BE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE112F
                                                                                                  • Part of subcall function 00BE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE1136
                                                                                                  • Part of subcall function 00BE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BE114D
                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00BE0DF5
                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00BE0E29
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00BE0E40
                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00BE0E7A
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00BE0E96
                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00BE0EAD
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00BE0EB5
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00BE0EBC
                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00BE0EDD
                                                                                                • CopySid.ADVAPI32(00000000), ref: 00BE0EE4
                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00BE0F13
                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00BE0F35
                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00BE0F47
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BE0F6E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0F75
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BE0F7E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0F85
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BE0F8E
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0F95
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00BE0FA1
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE0FA8
                                                                                                  • Part of subcall function 00BE1193: GetProcessHeap.KERNEL32(00000008,00BE0BB1,?,00000000,?,00BE0BB1,?), ref: 00BE11A1
                                                                                                  • Part of subcall function 00BE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00BE0BB1,?), ref: 00BE11A8
                                                                                                  • Part of subcall function 00BE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00BE0BB1,?), ref: 00BE11B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                • String ID:
                                                                                                • API String ID: 4175595110-0
                                                                                                • Opcode ID: 59588aac265d269b77fd5b10e3dc7757d67e1b50dadab1f6c336eebc35fa8404
                                                                                                • Instruction ID: ebc083963247bf44f810b5be2fe3588160871cccd48d7a5d9bf8aed89bc5cb99
                                                                                                • Opcode Fuzzy Hash: 59588aac265d269b77fd5b10e3dc7757d67e1b50dadab1f6c336eebc35fa8404
                                                                                                • Instruction Fuzzy Hash: 05718C7294024AEBDF20AFA5DC44FEEBBB8FF09300F148155F919A6191D7709D55CBA0
                                                                                                APIs
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C0C4BD
                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00C1CC08,00000000,?,00000000,?,?), ref: 00C0C544
                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00C0C5A4
                                                                                                • _wcslen.LIBCMT ref: 00C0C5F4
                                                                                                • _wcslen.LIBCMT ref: 00C0C66F
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00C0C6B2
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00C0C7C1
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00C0C84D
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00C0C881
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C0C88E
                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00C0C960
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                • API String ID: 9721498-966354055
                                                                                                • Opcode ID: e77fe4693489ee0dc257c96aa58d9694a482b3cabfd3a69c9e6b58c562adb462
                                                                                                • Instruction ID: 2460fd1a39cc6a7f9c009d0cd242e9e6f29b7cf0c92953c460faf0740f9e818f
                                                                                                • Opcode Fuzzy Hash: e77fe4693489ee0dc257c96aa58d9694a482b3cabfd3a69c9e6b58c562adb462
                                                                                                • Instruction Fuzzy Hash: 8E1299356082019FDB14EF14C891B2AB7E5FF89714F14899CF89A9B3A2DB31ED01CB91
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00C109C6
                                                                                                • _wcslen.LIBCMT ref: 00C10A01
                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C10A54
                                                                                                • _wcslen.LIBCMT ref: 00C10A8A
                                                                                                • _wcslen.LIBCMT ref: 00C10B06
                                                                                                • _wcslen.LIBCMT ref: 00C10B81
                                                                                                  • Part of subcall function 00B9F9F2: _wcslen.LIBCMT ref: 00B9F9FD
                                                                                                  • Part of subcall function 00BE2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BE2BFA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                • API String ID: 1103490817-4258414348
                                                                                                • Opcode ID: 7c5202385993592ca22f0dd7ba2006a8091b45680109be2125801990cf8b29ba
                                                                                                • Instruction ID: b3d25c7de157db4c4295618c1ba11dece1ec1ee17d33efee54fc67482e724869
                                                                                                • Opcode Fuzzy Hash: 7c5202385993592ca22f0dd7ba2006a8091b45680109be2125801990cf8b29ba
                                                                                                • Instruction Fuzzy Hash: 7CE1A1312083018FCB14EF25C4509AAB7E1FF99314F24899CF8A69B362D770EE85DB91
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                • API String ID: 1256254125-909552448
                                                                                                • Opcode ID: e4c3fd74dc57896750fbe1f2f367c8ab93892b677fe35f03de0720ea78b9068e
                                                                                                • Instruction ID: 4e7fc0a375dbede294c008c02c65b8eea23cc61086bad36cdd27a0aa45488e45
                                                                                                • Opcode Fuzzy Hash: e4c3fd74dc57896750fbe1f2f367c8ab93892b677fe35f03de0720ea78b9068e
                                                                                                • Instruction Fuzzy Hash: 0371E13260416A8BCF20DF6CC9D16BF3395ABA1B54B650728FC66A72C4E735CE45D3A0
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 00C1835A
                                                                                                • _wcslen.LIBCMT ref: 00C1836E
                                                                                                • _wcslen.LIBCMT ref: 00C18391
                                                                                                • _wcslen.LIBCMT ref: 00C183B4
                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00C183F2
                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00C15BF2), ref: 00C1844E
                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C18487
                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00C184CA
                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C18501
                                                                                                • FreeLibrary.KERNEL32(?), ref: 00C1850D
                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00C1851D
                                                                                                • DestroyIcon.USER32(?,?,?,?,?,00C15BF2), ref: 00C1852C
                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00C18549
                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00C18555
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                • String ID: .dll$.exe$.icl
                                                                                                • API String ID: 799131459-1154884017
                                                                                                • Opcode ID: e821cdf14a3edd5d580a9c612b88837fbc5e8434c73564e0b1a10e94c6977065
                                                                                                • Instruction ID: 040c38b31bfb55f78721a5b377a48e45352e91389ae19f7e6892a1e66de0f23c
                                                                                                • Opcode Fuzzy Hash: e821cdf14a3edd5d580a9c612b88837fbc5e8434c73564e0b1a10e94c6977065
                                                                                                • Instruction Fuzzy Hash: 9261E171548205BEEB14DF64CC81BFE77A8FB06710F108649F825D61D1DFB4AA94D7A0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                • API String ID: 0-1645009161
                                                                                                • Opcode ID: a1c465e279ec1fe1d21a1ab5fd44cd2d183889659f7cb2f8c22df1cd65fb8072
                                                                                                • Instruction ID: 3f406d838d98ad59bdc2a4577a7222bfdfdfa6fa0c2ff2ba49097c9b71c12ca9
                                                                                                • Opcode Fuzzy Hash: a1c465e279ec1fe1d21a1ab5fd44cd2d183889659f7cb2f8c22df1cd65fb8072
                                                                                                • Instruction Fuzzy Hash: 8381C771688605BBDB21BF60CC46FAE77E4EF16304F1440B4F805AA1A6EB70DD51D791
                                                                                                APIs
                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00BF3EF8
                                                                                                • _wcslen.LIBCMT ref: 00BF3F03
                                                                                                • _wcslen.LIBCMT ref: 00BF3F5A
                                                                                                • _wcslen.LIBCMT ref: 00BF3F98
                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 00BF3FD6
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BF401E
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BF4059
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BF4087
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Similarity
                                                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                APIs
                                                                                                • LoadIconW.USER32(00000063), ref: 00BE5A2E
                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00BE5A40
                                                                                                • SetWindowTextW.USER32(?,?), ref: 00BE5A57
                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00BE5A6C
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00BE5A72
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00BE5A82
                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00BE5A88
                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00BE5AA9
                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00BE5AC3
                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE5ACC
                                                                                                • _wcslen.LIBCMT ref: 00BE5B33
                                                                                                • SetWindowTextW.USER32(?,?), ref: 00BE5B6F
                                                                                                • GetDesktopWindow.USER32 ref: 00BE5B75
                                                                                                • GetWindowRect.USER32(00000000), ref: 00BE5B7C
                                                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00BE5BD3
                                                                                                • GetClientRect.USER32(?,?), ref: 00BE5BE0
                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 00BE5C05
                                                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00BE5C2F
                                                                                                Similarity
                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00BFFE27
                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00BFFE32
                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00BFFE3D
                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00BFFE48
                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00BFFE53
                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00BFFE5E
                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 00BFFE69
                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00BFFE74
                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 00BFFE7F
                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00BFFE8A
                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00BFFE95
                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00BFFEA0
                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00BFFEAB
                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00BFFEB6
                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00BFFEC1
                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00BFFECC
                                                                                                • GetCursorInfo.USER32(?), ref: 00BFFEDC
                                                                                                • GetLastError.KERNEL32 ref: 00BFFF1E
                                                                                                Similarity
                                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00BA00C6
                                                                                                  • Part of subcall function 00BA00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00C5070C,00000FA0,CE8F854C,?,?,?,?,00BC23B3,000000FF), ref: 00BA011C
                                                                                                  • Part of subcall function 00BA00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00BC23B3,000000FF), ref: 00BA0127
                                                                                                  • Part of subcall function 00BA00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00BC23B3,000000FF), ref: 00BA0138
                                                                                                  • Part of subcall function 00BA00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00BA014E
                                                                                                  • Part of subcall function 00BA00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00BA015C
                                                                                                  • Part of subcall function 00BA00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00BA016A
                                                                                                  • Part of subcall function 00BA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00BA0195
                                                                                                  • Part of subcall function 00BA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00BA01A0
                                                                                                • ___scrt_fastfail.LIBCMT ref: 00BA00E7
                                                                                                  • Part of subcall function 00BA00A3: __onexit.LIBCMT ref: 00BA00A9
                                                                                                Strings
                                                                                                • InitializeConditionVariable, xrefs: 00BA0148
                                                                                                • kernel32.dll, xrefs: 00BA0133
                                                                                                • WakeAllConditionVariable, xrefs: 00BA0162
                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00BA0122
                                                                                                • SleepConditionVariableCS, xrefs: 00BA0154
                                                                                                Similarity
                                                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                APIs
                                                                                                • CharLowerBuffW.USER32(00000000,00000000,00C1CC08), ref: 00BF4527
                                                                                                • _wcslen.LIBCMT ref: 00BF453B
                                                                                                • _wcslen.LIBCMT ref: 00BF4599
                                                                                                • _wcslen.LIBCMT ref: 00BF45F4
                                                                                                • _wcslen.LIBCMT ref: 00BF463F
                                                                                                • _wcslen.LIBCMT ref: 00BF46A7
                                                                                                  • Part of subcall function 00B9F9F2: _wcslen.LIBCMT ref: 00B9F9FD
                                                                                                • GetDriveTypeW.KERNEL32(?,00C46BF0,00000061), ref: 00BF4743
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(00000000,?), ref: 00C16DEB
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00C16E5F
                                                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00C16E81
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C16E94
                                                                                                • DestroyWindow.USER32(?), ref: 00C16EB5
                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00B80000,00000000), ref: 00C16EE4
                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C16EFD
                                                                                                • GetDesktopWindow.USER32 ref: 00C16F16
                                                                                                • GetWindowRect.USER32(00000000), ref: 00C16F1D
                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C16F35
                                                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00C16F4D
                                                                                                  • Part of subcall function 00B99944: GetWindowLongW.USER32(?,000000EB), ref: 00B99952
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                • String ID: 0$Hf$tooltips_class32
                                                                                                • API String ID: 2429346358-4288550786
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00C19147
                                                                                                  • Part of subcall function 00C17674: ClientToScreen.USER32(?,?), ref: 00C1769A
                                                                                                  • Part of subcall function 00C17674: GetWindowRect.USER32(?,?), ref: 00C17710
                                                                                                  • Part of subcall function 00C17674: PtInRect.USER32(?,?,00C18B89), ref: 00C17720
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00C191B0
                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00C191BB
                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00C191DE
                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00C19225
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00C1923E
                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00C19255
                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00C19277
                                                                                                • DragFinish.SHELL32(?), ref: 00C1927E
                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00C19371
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$Hf
                                                                                                • API String ID: 221274066-901553375
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 00C0B198
                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C0B1B0
                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C0B1D4
                                                                                                • _wcslen.LIBCMT ref: 00C0B200
                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C0B214
                                                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C0B236
                                                                                                • _wcslen.LIBCMT ref: 00C0B332
                                                                                                  • Part of subcall function 00BF05A7: GetStdHandle.KERNEL32(000000F6), ref: 00BF05C6
                                                                                                • _wcslen.LIBCMT ref: 00C0B34B
                                                                                                • _wcslen.LIBCMT ref: 00C0B366
                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C0B3B6
                                                                                                • GetLastError.KERNEL32(00000000), ref: 00C0B407
                                                                                                • CloseHandle.KERNEL32(?), ref: 00C0B439
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C0B44A
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C0B45C
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C0B46E
                                                                                                • CloseHandle.KERNEL32(?), ref: 00C0B4E3
                                                                                                Similarity
                                                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 2178637699-0
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00C1CC08), ref: 00C040BB
                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00C040CD
                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00C1CC08), ref: 00C040F2
                                                                                                • FreeLibrary.KERNEL32(00000000,?,00C1CC08), ref: 00C0413E
                                                                                                • StringFromGUID2.OLE32(?,?,00000028,?,00C1CC08), ref: 00C041A8
                                                                                                • SysFreeString.OLEAUT32(00000009), ref: 00C04262
                                                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00C042C8
                                                                                                • SysFreeString.OLEAUT32(?), ref: 00C042F2
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                • API String ID: 354098117-199464113
                                                                                                APIs
                                                                                                • GetMenuItemCount.USER32(00C51990), ref: 00BC2F8D
                                                                                                • GetMenuItemCount.USER32(00C51990), ref: 00BC303D
                                                                                                • GetCursorPos.USER32(?), ref: 00BC3081
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00BC308A
                                                                                                • TrackPopupMenuEx.USER32(00C51990,00000000,?,00000000,00000000,00000000), ref: 00BC309D
                                                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00BC30A9
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                • String ID: 0
                                                                                                • API String ID: 36266755-4108050209
                                                                                                APIs
                                                                                                  • Part of subcall function 00B98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B98BE8,?,00000000,?,?,?,?,00B98BBA,00000000,?), ref: 00B98FC5
                                                                                                • DestroyWindow.USER32(?), ref: 00B98C81
                                                                                                • KillTimer.USER32(00000000,?,?,?,?,00B98BBA,00000000,?), ref: 00B98D1B
                                                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 00BD6973
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00B98BBA,00000000,?), ref: 00BD69A1
                                                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00B98BBA,00000000,?), ref: 00BD69B8
                                                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00B98BBA,00000000), ref: 00BD69D4
                                                                                                • DeleteObject.GDI32(00000000), ref: 00BD69E6
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 641708696-3302991505
                                                                                                APIs
                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BFC4B0
                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00BFC4C3
                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00BFC4D7
                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00BFC4F0
                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00BFC533
                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00BFC549
                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BFC554
                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00BFC584
                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00BFC5DC
                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00BFC5F0
                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00BFC5FB
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                • String ID:
                                                                                                • API String ID: 3800310941-3916222277
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99944: GetWindowLongW.USER32(?,000000EB), ref: 00B99952
                                                                                                • GetSysColor.USER32(0000000F), ref: 00B99862
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ColorLongWindow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 259745315-3302991505
                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00C18592
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185A2
                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185AD
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185BA
                                                                                                • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185C8
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185D7
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185E0
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185E7
                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C185F8
                                                                                                • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00C1FC38,?), ref: 00C18611
                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00C18621
                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00C18641
                                                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00C18671
                                                                                                • DeleteObject.GDI32(?), ref: 00C18699
                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00C186AF
                                                                                                Similarity
                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                • String ID:
                                                                                                • API String ID: 3840717409-0
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00BF1502
                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00BF150B
                                                                                                • VariantClear.OLEAUT32(?), ref: 00BF1517
                                                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00BF15FB
                                                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 00BF1657
                                                                                                • VariantInit.OLEAUT32(?), ref: 00BF1708
                                                                                                • SysFreeString.OLEAUT32(?), ref: 00BF178C
                                                                                                • VariantClear.OLEAUT32(?), ref: 00BF17D8
                                                                                                • VariantClear.OLEAUT32(?), ref: 00BF17E7
                                                                                                • VariantInit.OLEAUT32(00000000), ref: 00BF1823
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                • API String ID: 1234038744-3931177956
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00C0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C0B6AE,?,?), ref: 00C0C9B5
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0C9F1
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA68
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C0B6F4
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C0B772
                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 00C0B80A
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00C0B87E
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00C0B89C
                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00C0B8F2
                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C0B904
                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C0B922
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00C0B983
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C0B994
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                • API String ID: 146587525-4033151799
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00C18D5A
                                                                                                • GetFocus.USER32 ref: 00C18D6A
                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00C18D75
                                                                                                • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00C18E1D
                                                                                                • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00C18ECF
                                                                                                • GetMenuItemCount.USER32(?), ref: 00C18EEC
                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00C18EFC
                                                                                                • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00C18F2E
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00C18F70
                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C18FA1
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                • String ID: 0$Hf
                                                                                                • API String ID: 1026556194-2882497664
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00C15504
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C15515
                                                                                                • CharNextW.USER32(00000158), ref: 00C15544
                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00C15585
                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00C1559B
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C155AC
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CharNext
                                                                                                • String ID: Hf
                                                                                                • API String ID: 1350042424-3302991505
                                                                                                APIs
                                                                                                • GetDC.USER32(00000000), ref: 00C025D8
                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00C025E8
                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00C025F4
                                                                                                • SelectObject.GDI32(00000000,?), ref: 00C02601
                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00C0266D
                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00C026AC
                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00C026D0
                                                                                                • SelectObject.GDI32(?,?), ref: 00C026D8
                                                                                                • DeleteObject.GDI32(?), ref: 00C026E1
                                                                                                • DeleteDC.GDI32(?), ref: 00C026E8
                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00C026F3
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                • String ID: (
                                                                                                • API String ID: 2598888154-3887548279
                                                                                                APIs
                                                                                                • ___free_lconv_mon.LIBCMT ref: 00BBDAA1
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD659
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD66B
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD67D
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD68F
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD6A1
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD6B3
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD6C5
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD6D7
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD6E9
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD6FB
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD70D
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD71F
                                                                                                  • Part of subcall function 00BBD63C: _free.LIBCMT ref: 00BBD731
                                                                                                • _free.LIBCMT ref: 00BBDA96
                                                                                                  • Part of subcall function 00BB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000), ref: 00BB29DE
                                                                                                  • Part of subcall function 00BB29C8: GetLastError.KERNEL32(00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000,00000000), ref: 00BB29F0
                                                                                                • _free.LIBCMT ref: 00BBDAB8
                                                                                                • _free.LIBCMT ref: 00BBDACD
                                                                                                • _free.LIBCMT ref: 00BBDAD8
                                                                                                • _free.LIBCMT ref: 00BBDAFA
                                                                                                • _free.LIBCMT ref: 00BBDB0D
                                                                                                • _free.LIBCMT ref: 00BBDB1B
                                                                                                • _free.LIBCMT ref: 00BBDB26
                                                                                                • _free.LIBCMT ref: 00BBDB5E
                                                                                                • _free.LIBCMT ref: 00BBDB65
                                                                                                • _free.LIBCMT ref: 00BBDB82
                                                                                                • _free.LIBCMT ref: 00BBDB9A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                • String ID:
                                                                                                • API String ID: 161543041-0
                                                                                                APIs
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00BE369C
                                                                                                • _wcslen.LIBCMT ref: 00BE36A7
                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00BE3797
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00BE380C
                                                                                                • GetDlgCtrlID.USER32(?), ref: 00BE385D
                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE3882
                                                                                                • GetParent.USER32(?), ref: 00BE38A0
                                                                                                • ScreenToClient.USER32(00000000), ref: 00BE38A7
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00BE3921
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00BE395D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                • String ID: %s%u
                                                                                                • API String ID: 4010501982-679674701
                                                                                                APIs
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00BE4994
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00BE49DA
                                                                                                • _wcslen.LIBCMT ref: 00BE49EB
                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00BE49F7
                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00BE4A2C
                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00BE4A64
                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00BE4A9D
                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00BE4AE6
                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00BE4B20
                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE4B8B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                • String ID: ThumbnailClass
                                                                                                • API String ID: 1311036022-1241985126
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(00C51990,000000FF,00000000,00000030), ref: 00BEBFAC
                                                                                                • SetMenuItemInfoW.USER32(00C51990,00000004,00000000,00000030), ref: 00BEBFE1
                                                                                                • Sleep.KERNEL32(000001F4), ref: 00BEBFF3
                                                                                                • GetMenuItemCount.USER32(?), ref: 00BEC039
                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 00BEC056
                                                                                                • GetMenuItemID.USER32(?,-00000001), ref: 00BEC082
                                                                                                • GetMenuItemID.USER32(?,?), ref: 00BEC0C9
                                                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00BEC10F
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BEC124
                                                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BEC145
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                • String ID: 0
                                                                                                • API String ID: 1460738036-4108050209
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00C13A9D
                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00C13AA0
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C13AC7
                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C13AEA
                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00C13B62
                                                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00C13BAC
                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00C13BC7
                                                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00C13BE2
                                                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00C13BF6
                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00C13C13
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: MessageSend$LongWindow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 312131281-3302991505
                                                                                                APIs
                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00BEDC20
                                                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00BEDC46
                                                                                                • _wcslen.LIBCMT ref: 00BEDC50
                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00BEDCA0
                                                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00BEDCBC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                • API String ID: 1939486746-1459072770
                                                                                                APIs
                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C0CC64
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00C0CC8D
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C0CD48
                                                                                                  • Part of subcall function 00C0CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00C0CCAA
                                                                                                  • Part of subcall function 00C0CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00C0CCBD
                                                                                                  • Part of subcall function 00C0CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C0CCCF
                                                                                                  • Part of subcall function 00C0CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C0CD05
                                                                                                  • Part of subcall function 00C0CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C0CD28
                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C0CCF3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                • API String ID: 2734957052-4033151799
                                                                                                • Opcode ID: 4399f27ef1a1ec2a8f96fdad2ef7ae95690ed365ca7e9a0c1d82855a2590b4f4
                                                                                                • Instruction ID: 08eaefc928002f37334a0f8516576f36d10b18a8fb124f30180f1457b6559eaa
                                                                                                • Opcode Fuzzy Hash: 4399f27ef1a1ec2a8f96fdad2ef7ae95690ed365ca7e9a0c1d82855a2590b4f4
                                                                                                • Instruction Fuzzy Hash: F3316B71941228BBDB208B51DCC8FEFBB7CEF06750F004265F916E2280DB349A45DAA0
                                                                                                APIs
                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00BF3D40
                                                                                                • _wcslen.LIBCMT ref: 00BF3D6D
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BF3D9D
                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00BF3DBE
                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00BF3DCE
                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00BF3E55
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00BF3E60
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00BF3E6B
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                • String ID: :$\$\??\%s
                                                                                                • API String ID: 1149970189-3457252023
                                                                                                • Opcode ID: 2803f30b0266198a1f6894734006d9858bd34a9f39e0f42d2a2d54c0802eba4d
                                                                                                • Instruction ID: 6177ec105c54b40ecc1bf6f19ca1fce508693f47de764ee74b1baf90f74e200e
                                                                                                • Opcode Fuzzy Hash: 2803f30b0266198a1f6894734006d9858bd34a9f39e0f42d2a2d54c0802eba4d
                                                                                                • Instruction Fuzzy Hash: 2A318E75944219ABDB209BA0DC89FEF37FDEF89B50F1040B5F605D6060EB7497488B24
                                                                                                APIs
                                                                                                • timeGetTime.WINMM ref: 00BEE6B4
                                                                                                  • Part of subcall function 00B9E551: timeGetTime.WINMM(?,?,00BEE6D4), ref: 00B9E555
                                                                                                • Sleep.KERNEL32(0000000A), ref: 00BEE6E1
                                                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00BEE705
                                                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00BEE727
                                                                                                • SetActiveWindow.USER32 ref: 00BEE746
                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00BEE754
                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00BEE773
                                                                                                • Sleep.KERNEL32(000000FA), ref: 00BEE77E
                                                                                                • IsWindow.USER32 ref: 00BEE78A
                                                                                                • EndDialog.USER32(00000000), ref: 00BEE79B
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                • String ID: BUTTON
                                                                                                • API String ID: 1194449130-3405671355
                                                                                                • Opcode ID: 21fbfff4c7c4cf1252ffd8e89d39ec04634c373cfdac778a5c00476e04e8197c
                                                                                                • Instruction ID: fb89c3fa2aa4afdc71279dc99a61044e6537831c62a0f3c37b0d4a193ee9dac8
                                                                                                • Opcode Fuzzy Hash: 21fbfff4c7c4cf1252ffd8e89d39ec04634c373cfdac778a5c00476e04e8197c
                                                                                                • Instruction Fuzzy Hash: D2219374240785AFEB005F21ECC9B6D3BE9F75674AF105464F825921B1DF71EC809B24
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00BEEA5D
                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00BEEA73
                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BEEA84
                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00BEEA96
                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00BEEAA7
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: SendString$_wcslen
                                                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                • API String ID: 2420728520-1007645807
                                                                                                • Opcode ID: 1accf3d48daa265e650cfcb497e0cfd49f833060d2ab9ff93350d09d0d62ce48
                                                                                                • Instruction ID: ed0105224c718aa6e8adbd9d8e06c095547aad7b308374d9cda28d27566d5e0b
                                                                                                • Opcode Fuzzy Hash: 1accf3d48daa265e650cfcb497e0cfd49f833060d2ab9ff93350d09d0d62ce48
                                                                                                • Instruction Fuzzy Hash: F111543165025979D720B762DC4AEFF6AFCFBD2F40F040479B411A20D5EBB04945C6B1
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?), ref: 00BEA012
                                                                                                • SetKeyboardState.USER32(?), ref: 00BEA07D
                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00BEA09D
                                                                                                • GetKeyState.USER32(000000A0), ref: 00BEA0B4
                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00BEA0E3
                                                                                                • GetKeyState.USER32(000000A1), ref: 00BEA0F4
                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00BEA120
                                                                                                • GetKeyState.USER32(00000011), ref: 00BEA12E
                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00BEA157
                                                                                                • GetKeyState.USER32(00000012), ref: 00BEA165
                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00BEA18E
                                                                                                • GetKeyState.USER32(0000005B), ref: 00BEA19C
                                                                                                Similarity
                                                                                                • API ID: State$Async$Keyboard
                                                                                                • String ID:
                                                                                                • API String ID: 541375521-0
                                                                                                • Opcode ID: c0cc06d980cf8fd45367954610c54dd43dedb857d3c169381e1f9a8edf372b75
                                                                                                • Instruction ID: 17d3767cd8c1dbe199f3f363a7e579780464b766b51912599156ee4b98791fa2
                                                                                                • Opcode Fuzzy Hash: c0cc06d980cf8fd45367954610c54dd43dedb857d3c169381e1f9a8edf372b75
                                                                                                • Instruction Fuzzy Hash: 315185209047C829FB35EB628855BEAAFF9DF12380F0885D9D5C2561C2DB54BA4CC7A7
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00BE5CE2
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00BE5CFB
                                                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00BE5D59
                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00BE5D69
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00BE5D7B
                                                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00BE5DCF
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00BE5DDD
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00BE5DEF
                                                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00BE5E31
                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00BE5E44
                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00BE5E5A
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00BE5E67
                                                                                                Similarity
                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                • String ID:
                                                                                                • API String ID: 3096461208-0
                                                                                                • Opcode ID: efcd2f4c4db9675588ed3e294f7c3db04a09e15bd5993519ea6da509f74a035d
                                                                                                • Instruction ID: b4281aaa00ce70056f01f5536662e3c050df75e705f948d298067eee50593ece
                                                                                                • Opcode Fuzzy Hash: efcd2f4c4db9675588ed3e294f7c3db04a09e15bd5993519ea6da509f74a035d
                                                                                                • Instruction Fuzzy Hash: 4C512CB0A40609AFDB18CF69CD89BAEBBF5FB49304F108169F915E7290D7709E00CB50
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00BCF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00BE9717
                                                                                                • LoadStringW.USER32(00000000,?,00BCF7F8,00000001), ref: 00BE9720
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00BCF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00BE9742
                                                                                                • LoadStringW.USER32(00000000,?,00BCF7F8,00000001), ref: 00BE9745
                                                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00BE9866
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                • API String ID: 747408836-2268648507
                                                                                                • Opcode ID: 7d4f42d47fff70156007b7c3a5743d7242e16497e41191c1f500273eecacdadf
                                                                                                • Instruction ID: 5031c2071ad3cbb5e47c00fc426b54b4cdd5d7814eeea048073fefb7ea1d4409
                                                                                                • Opcode Fuzzy Hash: 7d4f42d47fff70156007b7c3a5743d7242e16497e41191c1f500273eecacdadf
                                                                                                • Instruction Fuzzy Hash: E6413B72800219AACF04FBE0CD86EFEB7B8AF15740F5400A5F605720A2EB356F49CB61
                                                                                                APIs
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00BE07A2
                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00BE07BE
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00BE07DA
                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00BE0804
                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00BE082C
                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00BE0837
                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00BE083C
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                • API String ID: 323675364-22481851
                                                                                                APIs
                                                                                                • CreateMenu.USER32 ref: 00C13C79
                                                                                                • SetMenu.USER32(?,00000000), ref: 00C13C88
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C13D10
                                                                                                • IsMenu.USER32(?), ref: 00C13D24
                                                                                                • CreatePopupMenu.USER32 ref: 00C13D2E
                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C13D5B
                                                                                                • DrawMenuBar.USER32 ref: 00C13D63
                                                                                                Similarity
                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                • String ID: 0$F$Hf
                                                                                                • API String ID: 161812096-203419199
                                                                                                APIs
                                                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00C1403B
                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00C14042
                                                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00C14055
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00C1405D
                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 00C14068
                                                                                                • DeleteDC.GDI32(00000000), ref: 00C14072
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00C1407C
                                                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00C14092
                                                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00C1409E
                                                                                                Similarity
                                                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                • String ID: static
                                                                                                • API String ID: 2559357485-2160076837
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 00C03C5C
                                                                                                • CoInitialize.OLE32(00000000), ref: 00C03C8A
                                                                                                • CoUninitialize.OLE32 ref: 00C03C94
                                                                                                • _wcslen.LIBCMT ref: 00C03D2D
                                                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 00C03DB1
                                                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 00C03ED5
                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00C03F0E
                                                                                                • CoGetObject.OLE32(?,00000000,00C1FB98,?), ref: 00C03F2D
                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00C03F40
                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C03FC4
                                                                                                • VariantClear.OLEAUT32(?), ref: 00C03FD8
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 429561992-0
                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000), ref: 00BF7AF3
                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00BF7B8F
                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00BF7BA3
                                                                                                • CoCreateInstance.OLE32(00C1FD08,00000000,00000001,00C46E6C,?), ref: 00BF7BEF
                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00BF7C74
                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 00BF7CCC
                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00BF7D57
                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00BF7D7A
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00BF7D81
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00BF7DD6
                                                                                                • CoUninitialize.OLE32 ref: 00BF7DDC
                                                                                                Similarity
                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 2762341140-0
                                                                                                APIs
                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00BDFAAF
                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 00BDFB08
                                                                                                • VariantInit.OLEAUT32(?), ref: 00BDFB1A
                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00BDFB3A
                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00BDFB8D
                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00BDFBA1
                                                                                                • VariantClear.OLEAUT32(?), ref: 00BDFBB6
                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 00BDFBC3
                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00BDFBCC
                                                                                                • VariantClear.OLEAUT32(?), ref: 00BDFBDE
                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00BDFBE9
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                • String ID:
                                                                                                • API String ID: 2706829360-0
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?), ref: 00BE9CA1
                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00BE9D22
                                                                                                • GetKeyState.USER32(000000A0), ref: 00BE9D3D
                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00BE9D57
                                                                                                • GetKeyState.USER32(000000A1), ref: 00BE9D6C
                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00BE9D84
                                                                                                • GetKeyState.USER32(00000011), ref: 00BE9D96
                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00BE9DAE
                                                                                                • GetKeyState.USER32(00000012), ref: 00BE9DC0
                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00BE9DD8
                                                                                                • GetKeyState.USER32(0000005B), ref: 00BE9DEA
                                                                                                Similarity
                                                                                                • API ID: State$Async$Keyboard
                                                                                                • String ID:
                                                                                                • API String ID: 541375521-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00C19FC7
                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00C19FE7
                                                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00C1A224
                                                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00C1A242
                                                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00C1A263
                                                                                                • ShowWindow.USER32(00000003,00000000), ref: 00C1A282
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00C1A2A7
                                                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 00C1A2CA
                                                                                                Similarity
                                                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 1211466189-3302991505
                                                                                                • Opcode ID: 6d67dbffe130f61993557fa464845745a83e8ffc13d32c953de04efb1c9ea918
                                                                                                • Instruction ID: e6f2c20a24a0647aeff0af437fa9e7b690d787d370e8f246f8b367724e6fb134
                                                                                                • Opcode Fuzzy Hash: 6d67dbffe130f61993557fa464845745a83e8ffc13d32c953de04efb1c9ea918
                                                                                                • Instruction Fuzzy Hash: C4B19731601215EFDF14CF68C9857EE3BF2BF4A701F188069EC59AB295D731AA80EB51
                                                                                                APIs
                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 00C005BC
                                                                                                • inet_addr.WSOCK32(?), ref: 00C0061C
                                                                                                • gethostbyname.WSOCK32(?), ref: 00C00628
                                                                                                • IcmpCreateFile.IPHLPAPI ref: 00C00636
                                                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00C006C6
                                                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00C006E5
                                                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 00C007B9
                                                                                                • WSACleanup.WSOCK32 ref: 00C007BF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                • String ID: Ping
                                                                                                • API String ID: 1028309954-2246546115
                                                                                                • Opcode ID: 512ab6bb16aafa8365145a7a5c636d5a1acd64fea925db505f550f130d411b23
                                                                                                • Instruction ID: f1b32e57c00f2102c8609e1c78c043eb8a2ae8a647f4d4ae65d498a24ca90ea4
                                                                                                • Opcode Fuzzy Hash: 512ab6bb16aafa8365145a7a5c636d5a1acd64fea925db505f550f130d411b23
                                                                                                • Instruction Fuzzy Hash: A99180756082019FD720DF19C888F1ABBE0BF45318F2585A9F4698B6A2C774ED45CF91
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                • API String ID: 707087890-567219261
                                                                                                • Opcode ID: cc5b3f66d7cc1e7482fa3eca4fab2115bc2a135acbe59813e2bbb8b41625fd9a
                                                                                                • Instruction ID: 6607774b6cdd0a4fc7d559ee108347e9bb0e8508bbaa3dd95aafca2314b4f761
                                                                                                • Opcode Fuzzy Hash: cc5b3f66d7cc1e7482fa3eca4fab2115bc2a135acbe59813e2bbb8b41625fd9a
                                                                                                • Instruction Fuzzy Hash: AF51C135A046179BCF14DF68C9409BEB7E5BF65720B218269E8B6E72C4DB30DE48C790
                                                                                                APIs
                                                                                                • CoInitialize.OLE32 ref: 00C03774
                                                                                                • CoUninitialize.OLE32 ref: 00C0377F
                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00C1FB78,?), ref: 00C037D9
                                                                                                • IIDFromString.OLE32(?,?), ref: 00C0384C
                                                                                                • VariantInit.OLEAUT32(?), ref: 00C038E4
                                                                                                • VariantClear.OLEAUT32(?), ref: 00C03936
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                • API String ID: 636576611-1287834457
                                                                                                • Opcode ID: 6bf38e5b4588b740ea23cf7314b49e0a27eb6c14b056c18f46b25bd9b83e54b7
                                                                                                • Instruction ID: 6e25060fa89e8f75c427ba81cf607322fd821582a8ae7b84a8de513d45481ec5
                                                                                                • Opcode Fuzzy Hash: 6bf38e5b4588b740ea23cf7314b49e0a27eb6c14b056c18f46b25bd9b83e54b7
                                                                                                • Instruction Fuzzy Hash: 9161CF70608341AFD710DF55C888B6ABBE8FF49714F10499AF9959B2E1C770EE48CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                  • Part of subcall function 00B9912D: GetCursorPos.USER32(?), ref: 00B99141
                                                                                                  • Part of subcall function 00B9912D: ScreenToClient.USER32(00000000,?), ref: 00B9915E
                                                                                                  • Part of subcall function 00B9912D: GetAsyncKeyState.USER32(00000001), ref: 00B99183
                                                                                                  • Part of subcall function 00B9912D: GetAsyncKeyState.USER32(00000002), ref: 00B9919D
                                                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00C18B6B
                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00C18B71
                                                                                                • ReleaseCapture.USER32 ref: 00C18B77
                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00C18C12
                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00C18C25
                                                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00C18CFF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID$Hf
                                                                                                • API String ID: 1924731296-444852711
                                                                                                • Opcode ID: 8fd785602a78d6d724e177b1b3b6364f80a57a741d3108c36ec00bf913dd3b2f
                                                                                                • Instruction ID: 4d9b115e2e441e62d84b69a87267e3ca98c0445b0fdbf3f73b336ef22acc91c3
                                                                                                • Opcode Fuzzy Hash: 8fd785602a78d6d724e177b1b3b6364f80a57a741d3108c36ec00bf913dd3b2f
                                                                                                • Instruction Fuzzy Hash: 77518F74104300AFDB04EF14DC99BAE77E4FB89715F04066DF956672E1CB709A88DBA2
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00BF33CF
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00BF33F0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LoadString$_wcslen
                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                • API String ID: 4099089115-3080491070
                                                                                                • Opcode ID: ab02389b333f948bd4247c7f135a155e2e5e7fffa8faca16bf2f42386a3b88c0
                                                                                                • Instruction ID: d907c462430fd624e0cc8892bc5030a9a3d89d2c18b0c1839a235305a2d9b122
                                                                                                • Opcode Fuzzy Hash: ab02389b333f948bd4247c7f135a155e2e5e7fffa8faca16bf2f42386a3b88c0
                                                                                                • Instruction Fuzzy Hash: 09518D7190020AAADF14FBA0CD56EFEB3F8EF15B40F1440A5F505720A2EB256F98DB61
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                • API String ID: 1256254125-769500911
                                                                                                • Opcode ID: 9b359e5cd61cc39f31fe5744215c749218f652ad50d7389b249e7de2054de7a7
                                                                                                • Instruction ID: ff69371ae075d06e2232aa9cccd6d46a38c79cd589baaaf746598d6aaccfcade
                                                                                                • Opcode Fuzzy Hash: 9b359e5cd61cc39f31fe5744215c749218f652ad50d7389b249e7de2054de7a7
                                                                                                • Instruction Fuzzy Hash: 4741A472A001679ECB206F7E88909BFF7E5FFA1764B2441A9E465DB284E731CD81C790
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00BF53A0
                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00BF5416
                                                                                                • GetLastError.KERNEL32 ref: 00BF5420
                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 00BF54A7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                • API String ID: 4194297153-14809454
                                                                                                • Opcode ID: 416c1cc7f0ee62682ea4bf91ecc64ce4a6712a83c02635dcb5c183eaa2d8dde7
                                                                                                • Instruction ID: ea8fabedc19ca913efaaab9c748e068a965928ddfe31025dcb2b48b9b857ff89
                                                                                                • Opcode Fuzzy Hash: 416c1cc7f0ee62682ea4bf91ecc64ce4a6712a83c02635dcb5c183eaa2d8dde7
                                                                                                • Instruction Fuzzy Hash: EA318175A006099FCB20DF68C484BB9BBF4FB45305F148099E605DB366D771DD8ACBA1
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BE3CCA
                                                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00BE1F64
                                                                                                • GetDlgCtrlID.USER32 ref: 00BE1F6F
                                                                                                • GetParent.USER32 ref: 00BE1F8B
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BE1F8E
                                                                                                • GetDlgCtrlID.USER32(?), ref: 00BE1F97
                                                                                                • GetParent.USER32(?), ref: 00BE1FAB
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BE1FAE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 711023334-1403004172
                                                                                                • Opcode ID: 1316186f1bcc635fdf37c82949625caf91bb2d363e7f19013290ab31c29d2c7f
                                                                                                • Instruction ID: c90e5e172e9a76a41531c81bb806b7a3a980bc13fe840a4342a0822c439d320c
                                                                                                • Opcode Fuzzy Hash: 1316186f1bcc635fdf37c82949625caf91bb2d363e7f19013290ab31c29d2c7f
                                                                                                • Instruction Fuzzy Hash: 5E21CC70900214ABCF00AFA4CC84EFEBBF8EF16340B104595B961A32A1DB358948CBA0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BE3CCA
                                                                                                • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00BE2043
                                                                                                • GetDlgCtrlID.USER32 ref: 00BE204E
                                                                                                • GetParent.USER32 ref: 00BE206A
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BE206D
                                                                                                • GetDlgCtrlID.USER32(?), ref: 00BE2076
                                                                                                • GetParent.USER32(?), ref: 00BE208A
                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 00BE208D
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 711023334-1403004172
                                                                                                • Opcode ID: 0067a0e12b656bf8b488ccc4284e17373fce88cd5340c36de2bfb124dda681e0
                                                                                                • Instruction ID: 4ebe400c3330c5fd5cc7aab429db1368d1597f0cc757fcad24a504b9b6b3bc78
                                                                                                • Opcode Fuzzy Hash: 0067a0e12b656bf8b488ccc4284e17373fce88cd5340c36de2bfb124dda681e0
                                                                                                • Instruction Fuzzy Hash: 4C21BE71940214BBCF11AFA0CC85EFEBBF8FB09340F104095B951A72A2DB758954DB60
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BEB151
                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00BEA1E1,?,00000001), ref: 00BEB165
                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 00BEB16C
                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BEA1E1,?,00000001), ref: 00BEB17B
                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00BEB18D
                                                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00BEA1E1,?,00000001), ref: 00BEB1A6
                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BEA1E1,?,00000001), ref: 00BEB1B8
                                                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00BEA1E1,?,00000001), ref: 00BEB1FD
                                                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00BEA1E1,?,00000001), ref: 00BEB212
                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00BEA1E1,?,00000001), ref: 00BEB21D
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                • String ID:
                                                                                                • API String ID: 2156557900-0
                                                                                                • Opcode ID: bd5b85e2b4bec64578bdfa2f5cfc41cdd81a913305f8b4c3b7ea59e30c2f98ce
                                                                                                • Instruction ID: 29c075a9bc70fe597d10ffb7cb6ce4bd4dd7f73201e616789ce18ddf8b58db01
                                                                                                • Opcode Fuzzy Hash: bd5b85e2b4bec64578bdfa2f5cfc41cdd81a913305f8b4c3b7ea59e30c2f98ce
                                                                                                • Instruction Fuzzy Hash: A9318D79550384BFDB109F26DC88FAF7BA9FF91352F108045FA01E6190D7B89A808F64
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00BB2C94
                                                                                                  • Part of subcall function 00BB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000), ref: 00BB29DE
                                                                                                  • Part of subcall function 00BB29C8: GetLastError.KERNEL32(00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000,00000000), ref: 00BB29F0
                                                                                                • _free.LIBCMT ref: 00BB2CA0
                                                                                                • _free.LIBCMT ref: 00BB2CAB
                                                                                                • _free.LIBCMT ref: 00BB2CB6
                                                                                                • _free.LIBCMT ref: 00BB2CC1
                                                                                                • _free.LIBCMT ref: 00BB2CCC
                                                                                                • _free.LIBCMT ref: 00BB2CD7
                                                                                                • _free.LIBCMT ref: 00BB2CE2
                                                                                                • _free.LIBCMT ref: 00BB2CED
                                                                                                • _free.LIBCMT ref: 00BB2CFB
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: a3481386e697263b2d55611c20cb048e9bb8e686fbec11889e2d19a42eb142de
                                                                                                • Instruction ID: e440eda823d8e49cc5b1cf014d9c7f0def2f91da26f75573f3e06e29ceb1f5df
                                                                                                • Opcode Fuzzy Hash: a3481386e697263b2d55611c20cb048e9bb8e686fbec11889e2d19a42eb142de
                                                                                                • Instruction Fuzzy Hash: F7114476510108BFCB02EF54D982CED3BA5FF09350F5149A5FA889F722DAB1EE509B90
                                                                                                APIs
                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BF7FAD
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF7FC1
                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00BF7FEB
                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00BF8005
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF8017
                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BF8060
                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00BF80B0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                • String ID: *.*
                                                                                                • API String ID: 769691225-438819550
                                                                                                • Opcode ID: d8915092365247f6b197d4fca7d5173f5e8a71444b8af84b27cce231d90c3ec8
                                                                                                • Instruction ID: 7cd6952fd1f66e0c3fc186fe68fb804973be973871e7b77614a14480e06f8bc5
                                                                                                • Opcode Fuzzy Hash: d8915092365247f6b197d4fca7d5173f5e8a71444b8af84b27cce231d90c3ec8
                                                                                                • Instruction Fuzzy Hash: D9819E715482499BCB20EE14C884ABEB3E8FB85314F5448DEFA85D7250EB34DD49CB92
                                                                                                APIs
                                                                                                • IsWindow.USER32(00E16648), ref: 00C17F37
                                                                                                • IsWindowEnabled.USER32(00E16648), ref: 00C17F43
                                                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00C1801E
                                                                                                • SendMessageW.USER32(00E16648,000000B0,?,?), ref: 00C18051
                                                                                                • IsDlgButtonChecked.USER32(?,?), ref: 00C18089
                                                                                                • GetWindowLongW.USER32(00E16648,000000EC), ref: 00C180AB
                                                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00C180C3
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                • String ID: Hf
                                                                                                • API String ID: 4072528602-3302991505
                                                                                                • Opcode ID: 52d569ccdce6f26135d96c759bfff981b3513d84d9045c81c7134e371161857e
                                                                                                • Instruction ID: 5a7f3ba4dce19fb1bc17d4c6867b066d146be7558dfab638012d3e58f24c1d02
                                                                                                • Opcode Fuzzy Hash: 52d569ccdce6f26135d96c759bfff981b3513d84d9045c81c7134e371161857e
                                                                                                • Instruction Fuzzy Hash: 65717075608204AFEB21DFA4C884FEB7BB5FF0B300F144599F96557261CB31AA96EB10
                                                                                                APIs
                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00B85C7A
                                                                                                  • Part of subcall function 00B85D0A: GetClientRect.USER32(?,?), ref: 00B85D30
                                                                                                  • Part of subcall function 00B85D0A: GetWindowRect.USER32(?,?), ref: 00B85D71
                                                                                                  • Part of subcall function 00B85D0A: ScreenToClient.USER32(?,?), ref: 00B85D99
                                                                                                • GetDC.USER32 ref: 00BC46F5
                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00BC4708
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00BC4716
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00BC472B
                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00BC4733
                                                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00BC47C4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                • String ID: U
                                                                                                • API String ID: 4009187628-3372436214
                                                                                                • Opcode ID: 9f7370fc52e13a467acb29468affa2d7baac49801770841018bf86de1ca6d68c
                                                                                                • Instruction ID: 437bfc88a3f8b8426f5f9f16504a2abe47bd6490fe4d71b1303e6e8c70bfd1a8
                                                                                                • Opcode Fuzzy Hash: 9f7370fc52e13a467acb29468affa2d7baac49801770841018bf86de1ca6d68c
                                                                                                • Instruction Fuzzy Hash: 6371A734400205DFCF219F64C994FEA3BE5FB4A324F1842AAED555A2AAC7309E81DF60
                                                                                                APIs
                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00BF35E4
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • LoadStringW.USER32(00C52390,?,00000FFF,?), ref: 00BF360A
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: LoadString$_wcslen
                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                • API String ID: 4099089115-2391861430
                                                                                                • Opcode ID: 2801934b7556c0b1aa6e51e3eea9de539b79bb5a6958efd72947981a02a7c777
                                                                                                • Instruction ID: b255ab13d61d92d0ffe2f27475febd24785d5f0b2f0dc8c5e5c2dd74043a6abd
                                                                                                • Opcode Fuzzy Hash: 2801934b7556c0b1aa6e51e3eea9de539b79bb5a6958efd72947981a02a7c777
                                                                                                • Instruction Fuzzy Hash: D8513E71800209BADF15FBA0CC96EFDBBB4EF05740F1841A5F605721A1EB315A99DBA1
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00C12E1C
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C12E4F
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C12E84
                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00C12EB6
                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00C12EE0
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C12EF1
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C12F0B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Similarity
                                                                                                • API ID: LongWindow$MessageSend
                                                                                                • String ID: Hf
                                                                                                • API String ID: 2178440468-3302991505
                                                                                                • Opcode ID: 81cb51f9ba654238ddb9cc473dd18c89b19b79748edf6029c124b8ffa51aef82
                                                                                                • Instruction ID: 80daa8a0549dce93a6f7d1d81214b7e9aea96ab55654f8bf151c46a8c3ea7044
                                                                                                • Opcode Fuzzy Hash: 81cb51f9ba654238ddb9cc473dd18c89b19b79748edf6029c124b8ffa51aef82
                                                                                                • Instruction Fuzzy Hash: A731F4386442509FDB218F58DC88FA937E1FF4B722F194164F9219B2B1CB71ADA1AB41
                                                                                                APIs
                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BFC272
                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BFC29A
                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00BFC2CA
                                                                                                • GetLastError.KERNEL32 ref: 00BFC322
                                                                                                • SetEvent.KERNEL32(?), ref: 00BFC336
                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00BFC341
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                • String ID:
                                                                                                • API String ID: 3113390036-3916222277
                                                                                                • Opcode ID: 9651352d383e351a1eef5a1cd60173c2f5d4d1dfc35c87675cfab3760dbce769
                                                                                                • Instruction ID: 7b2f8eec551a049f78b8bd714e1dc28d10c019324d778e61e04d5b9b9c942d1e
                                                                                                • Opcode Fuzzy Hash: 9651352d383e351a1eef5a1cd60173c2f5d4d1dfc35c87675cfab3760dbce769
                                                                                                • Instruction Fuzzy Hash: 6B316DB164020CAFD7219F648A88BBB7FFCEB4A784B14855EF546D3240DB30DD889B65
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00BC3AAF,?,?,Bad directive syntax error,00C1CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00BE98BC
                                                                                                • LoadStringW.USER32(00000000,?,00BC3AAF,?), ref: 00BE98C3
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00BE9987
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                • API String ID: 858772685-4153970271
                                                                                                • Opcode ID: 0100849e460592970f09ba28806e0fc16e55e2c76209b364644026fec066e2a9
                                                                                                • Instruction ID: 698ebefb5d8002b5218b4e00ca533d442e3e3e8fde5c468665af6b3fd4677c96
                                                                                                • Opcode Fuzzy Hash: 0100849e460592970f09ba28806e0fc16e55e2c76209b364644026fec066e2a9
                                                                                                • Instruction Fuzzy Hash: F0218D3294021AABCF15EF90CC46EFE77B5FF19700F0844A9F515620A2EB719A58DB51
                                                                                                APIs
                                                                                                • GetParent.USER32 ref: 00BE20AB
                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00BE20C0
                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00BE214D
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                • API String ID: 1290815626-3381328864
                                                                                                • Opcode ID: 164466e16aa1ba3aaa26ce7b31c6540e843f376e00cf5631443af05f64fa4f9e
                                                                                                • Instruction ID: f456556f30ef00b6fc565e21b38454eb471acee8dc2b5d8f9e1c603c1c92437f
                                                                                                • Opcode Fuzzy Hash: 164466e16aa1ba3aaa26ce7b31c6540e843f376e00cf5631443af05f64fa4f9e
                                                                                                • Instruction Fuzzy Hash: EA1106766C8706BBFA012321EC06EEA37DCEB06324B2000A6FB04B50E2EBA169015615
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 02c21190e0109e7c5693fa4bfd119a052ba9652423d10a68a84a64b3d2237a87
                                                                                                • Instruction ID: 24327fcc46a3c8b2de507eb5a5c622fe0dc1971e9089d2f2ea73ac127ff2fef8
                                                                                                • Opcode Fuzzy Hash: 02c21190e0109e7c5693fa4bfd119a052ba9652423d10a68a84a64b3d2237a87
                                                                                                • Instruction Fuzzy Hash: 4FC1BD74A04349AFDB11AFA8D885BFDBBF4AF0A310F1441D9F915A7292CBB09941CB61
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                • String ID:
                                                                                                • API String ID: 1282221369-0
                                                                                                • Opcode ID: 85abae3b5d78e9d57597b8002b5783285881acbfc568bcfaf44ab6158a24c4d3
                                                                                                • Instruction ID: eaf7a1037c886952064a80742aea6f9fe0069f9b8dfe1040520b87cbccf637b8
                                                                                                • Opcode Fuzzy Hash: 85abae3b5d78e9d57597b8002b5783285881acbfc568bcfaf44ab6158a24c4d3
                                                                                                • Instruction Fuzzy Hash: 63611071A04301ABDB21EFB49891BFE7FE6EF05320F1441EDF944AB282E6B59D458790
                                                                                                APIs
                                                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00BD6890
                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00BD68A9
                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00BD68B9
                                                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00BD68D1
                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00BD68F2
                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B98874,00000000,00000000,00000000,000000FF,00000000), ref: 00BD6901
                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00BD691E
                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B98874,00000000,00000000,00000000,000000FF,00000000), ref: 00BD692D
                                                                                                Similarity
                                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 1268354404-0
                                                                                                • Opcode ID: 3ad3012eecb8f4722894ef5af26e8e31d8a63b95ddcb50d052d461fad9b2b251
                                                                                                • Instruction ID: 6c5a862a928a674f1183f39ab86c8928f5e959e78a273c52de569b5a8661b4b1
                                                                                                • Opcode Fuzzy Hash: 3ad3012eecb8f4722894ef5af26e8e31d8a63b95ddcb50d052d461fad9b2b251
                                                                                                • Instruction Fuzzy Hash: 6C516970600209EFDF20CF24CC95BAA7BF5FB49760F144569F916972A0EB72E990DB50
                                                                                                APIs
                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BFC182
                                                                                                • GetLastError.KERNEL32 ref: 00BFC195
                                                                                                • SetEvent.KERNEL32(?), ref: 00BFC1A9
                                                                                                  • Part of subcall function 00BFC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BFC272
                                                                                                  • Part of subcall function 00BFC253: GetLastError.KERNEL32 ref: 00BFC322
                                                                                                  • Part of subcall function 00BFC253: SetEvent.KERNEL32(?), ref: 00BFC336
                                                                                                  • Part of subcall function 00BFC253: InternetCloseHandle.WININET(00000000), ref: 00BFC341
                                                                                                Similarity
                                                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                • String ID:
                                                                                                • API String ID: 337547030-0
                                                                                                • Opcode ID: e0e28b017134f2a9e131fd34f4d9af327f29560d76fe6d653a07f2089e2026da
                                                                                                • Instruction ID: da857abf3d5abdf15a1f094d57267acc80dbd4f1010f4240a34a5ad9fcf46118
                                                                                                • Opcode Fuzzy Hash: e0e28b017134f2a9e131fd34f4d9af327f29560d76fe6d653a07f2089e2026da
                                                                                                • Instruction Fuzzy Hash: D4319C7124060DAFDB219FA5DE84BBABFE8FF19300B00845DFA5683610C730E958DBA0
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BE3A57
                                                                                                  • Part of subcall function 00BE3A3D: GetCurrentThreadId.KERNEL32 ref: 00BE3A5E
                                                                                                  • Part of subcall function 00BE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BE25B3), ref: 00BE3A65
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00BE25BD
                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00BE25DB
                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00BE25DF
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00BE25E9
                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00BE2601
                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00BE2605
                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00BE260F
                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00BE2623
                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00BE2627
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2014098862-0
                                                                                                APIs
                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00BE1449,?,?,00000000), ref: 00BE180C
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00BE1449,?,?,00000000), ref: 00BE1813
                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00BE1449,?,?,00000000), ref: 00BE1828
                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00BE1449,?,?,00000000), ref: 00BE1830
                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00BE1449,?,?,00000000), ref: 00BE1833
                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00BE1449,?,?,00000000), ref: 00BE1843
                                                                                                • GetCurrentProcess.KERNEL32(00BE1449,00000000,?,00BE1449,?,?,00000000), ref: 00BE184B
                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00BE1449,?,?,00000000), ref: 00BE184E
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00BE1874,00000000,00000000,00000000), ref: 00BE1868
                                                                                                Similarity
                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                • String ID:
                                                                                                • API String ID: 1957940570-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00BED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00BED501
                                                                                                  • Part of subcall function 00BED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00BED50F
                                                                                                  • Part of subcall function 00BED4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00BED5DC
                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C0A16D
                                                                                                • GetLastError.KERNEL32 ref: 00C0A180
                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C0A1B3
                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00C0A268
                                                                                                • GetLastError.KERNEL32(00000000), ref: 00C0A273
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C0A2C4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                                                • String ID: SeDebugPrivilege
                                                                                                • API String ID: 1701285019-2896544425
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00C13925
                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00C1393A
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00C13954
                                                                                                • _wcslen.LIBCMT ref: 00C13999
                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00C139C6
                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00C139F4
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                • String ID: SysListView32
                                                                                                • API String ID: 2147712094-78025650
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BEBCFD
                                                                                                • IsMenu.USER32(00000000), ref: 00BEBD1D
                                                                                                • CreatePopupMenu.USER32 ref: 00BEBD53
                                                                                                • GetMenuItemCount.USER32(00E166C0), ref: 00BEBDA4
                                                                                                • InsertMenuItemW.USER32(00E166C0,?,00000001,00000030), ref: 00BEBDCC
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                • String ID: 0$2
                                                                                                • API String ID: 93392585-3793063076
                                                                                                APIs
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00BDF3AB,00000000,?,?,00000000,?,00BD682C,00000004,00000000,00000000), ref: 00C1824C
                                                                                                • EnableWindow.USER32(?,00000000), ref: 00C18272
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00C182D1
                                                                                                • ShowWindow.USER32(?,00000004), ref: 00C182E5
                                                                                                • EnableWindow.USER32(?,00000001), ref: 00C1830B
                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00C1832F
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                • String ID: Hf
                                                                                                • API String ID: 642888154-3302991505
                                                                                                APIs
                                                                                                • LoadIconW.USER32(00000000,00007F03), ref: 00BEC913
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: IconLoad
                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                • API String ID: 2457776203-404129466
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                • String ID: 0.0.0.0
                                                                                                • API String ID: 642191829-3771769585
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _wcslen$LocalTime
                                                                                                • String ID:
                                                                                                • API String ID: 952045576-0
                                                                                                APIs
                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00BD682C,00000004,00000000,00000000), ref: 00B9F953
                                                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00BD682C,00000004,00000000,00000000), ref: 00BDF3D1
                                                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00BD682C,00000004,00000000,00000000), ref: 00BDF454
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ShowWindow
                                                                                                • String ID:
                                                                                                • API String ID: 1268545403-0
                                                                                                APIs
                                                                                                • DeleteObject.GDI32(00000000), ref: 00C12D1B
                                                                                                • GetDC.USER32(00000000), ref: 00C12D23
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C12D2E
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00C12D3A
                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00C12D76
                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00C12D87
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00C15A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00C12DC2
                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00C12DE1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3864802216-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 2931989736-0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                • API String ID: 0-572801152
                                                                                                APIs
                                                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00BC17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00BC15CE
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00BC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BC1651
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00BC17FB,?,00BC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BC16E4
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00BC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BC16FB
                                                                                                  • Part of subcall function 00BB3820: RtlAllocateHeap.NTDLL(00000000,?,00C51444,?,00B9FDF5,?,?,00B8A976,00000010,00C51440,00B813FC,?,00B813C6,?,00B81129), ref: 00BB3852
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00BC17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BC1777
                                                                                                • __freea.LIBCMT ref: 00BC17A2
                                                                                                • __freea.LIBCMT ref: 00BC17AE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                • String ID:
                                                                                                • API String ID: 2829977744-0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit
                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                • API String ID: 2610073882-625585964
                                                                                                APIs
                                                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00BF125C
                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00BF1284
                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00BF12A8
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BF12D8
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BF135F
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BF13C4
                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BF1430
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                • String ID:
                                                                                                • API String ID: 2550207440-0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                • String ID:
                                                                                                • API String ID: 3225163088-0
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 00C0396B
                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00C03A7A
                                                                                                • _wcslen.LIBCMT ref: 00C03A8A
                                                                                                • VariantClear.OLEAUT32(?), ref: 00C03C1F
                                                                                                  • Part of subcall function 00BF0CDF: VariantInit.OLEAUT32(00000000), ref: 00BF0D1F
                                                                                                  • Part of subcall function 00BF0CDF: VariantCopy.OLEAUT32(?,?), ref: 00BF0D28
                                                                                                  • Part of subcall function 00BF0CDF: VariantClear.OLEAUT32(?), ref: 00BF0D34
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                • API String ID: 4137639002-1221869570
                                                                                                • Opcode ID: 8137eb92b08a8865306573344085e289e670fc0c341dc8ddb811fb387ec9fcd7
                                                                                                • Instruction ID: 6788224923eddaab8c9f5aca07e926ac8f94ced427919c64082d4982dffa909b
                                                                                                • Opcode Fuzzy Hash: 8137eb92b08a8865306573344085e289e670fc0c341dc8ddb811fb387ec9fcd7
                                                                                                • Instruction Fuzzy Hash: 0E917B746083459FCB04EF64C48096AB7E8FF89714F14896DF89A9B391DB30EE45CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?,?,?,00BE035E), ref: 00BE002B
                                                                                                  • Part of subcall function 00BE000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?,?), ref: 00BE0046
                                                                                                  • Part of subcall function 00BE000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?,?), ref: 00BE0054
                                                                                                  • Part of subcall function 00BE000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?), ref: 00BE0064
                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00C04C51
                                                                                                • _wcslen.LIBCMT ref: 00C04D59
                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00C04DCF
                                                                                                • CoTaskMemFree.OLE32(?), ref: 00C04DDA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                • String ID: NULL Pointer assignment
                                                                                                • API String ID: 614568839-2785691316
                                                                                                • Opcode ID: 6e3f2bd55bcd7d162fac965c8ccd2e267b1732dcbc5109b933b53341fa976b5f
                                                                                                • Instruction ID: b35f3e4cca367000cc1317fba213fee67eba2ec61db3de70216081efbc0a97f4
                                                                                                • Opcode Fuzzy Hash: 6e3f2bd55bcd7d162fac965c8ccd2e267b1732dcbc5109b933b53341fa976b5f
                                                                                                • Instruction Fuzzy Hash: 899109B1D0021D9FDF14EFA4C891AEEB7B9BF08310F1081AAE525B7291DB709A45CF60
                                                                                                APIs
                                                                                                • GetMenu.USER32(?), ref: 00C12183
                                                                                                • GetMenuItemCount.USER32(00000000), ref: 00C121B5
                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00C121DD
                                                                                                • _wcslen.LIBCMT ref: 00C12213
                                                                                                • GetMenuItemID.USER32(?,?), ref: 00C1224D
                                                                                                • GetSubMenu.USER32(?,?), ref: 00C1225B
                                                                                                  • Part of subcall function 00BE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BE3A57
                                                                                                  • Part of subcall function 00BE3A3D: GetCurrentThreadId.KERNEL32 ref: 00BE3A5E
                                                                                                  • Part of subcall function 00BE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BE25B3), ref: 00BE3A65
                                                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00C122E3
                                                                                                  • Part of subcall function 00BEE97B: Sleep.KERNEL32 ref: 00BEE9F3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 4196846111-0
                                                                                                • Opcode ID: 1da7ca2f7557cba4dbed1d6f636bb3f5311955cdbc6d3135629f2cf2fa91ed87
                                                                                                • Instruction ID: bd1081595b7c9fe260d34a961ae35e5956cfbb63a66740022d5e8ca39427ce02
                                                                                                • Opcode Fuzzy Hash: 1da7ca2f7557cba4dbed1d6f636bb3f5311955cdbc6d3135629f2cf2fa91ed87
                                                                                                • Instruction Fuzzy Hash: 75719179A00205AFCB10DF65C845AEEB7F5FF49320F148498E826EB351D734EE819B90
                                                                                                APIs
                                                                                                • GetParent.USER32(?), ref: 00BEAEF9
                                                                                                • GetKeyboardState.USER32(?), ref: 00BEAF0E
                                                                                                • SetKeyboardState.USER32(?), ref: 00BEAF6F
                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00BEAF9D
                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00BEAFBC
                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00BEAFFD
                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00BEB020
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 87235514-0
                                                                                                • Opcode ID: 17bd443c82e0d4cc942189a45f14f1a61ec293d5039347005d06b7edb36bafb6
                                                                                                • Instruction ID: 9bf178071333cddf206678d5fb6fd82e779b5718f67545b3b84a27283177548e
                                                                                                • Opcode Fuzzy Hash: 17bd443c82e0d4cc942189a45f14f1a61ec293d5039347005d06b7edb36bafb6
                                                                                                • Instruction Fuzzy Hash: 0C51AEA06046D53DFB3683368845BBBBEE99B06304F0885C9F1D9958D3C398F888D791
                                                                                                APIs
                                                                                                • GetParent.USER32(00000000), ref: 00BEAD19
                                                                                                • GetKeyboardState.USER32(?), ref: 00BEAD2E
                                                                                                • SetKeyboardState.USER32(?), ref: 00BEAD8F
                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00BEADBB
                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00BEADD8
                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00BEAE17
                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00BEAE38
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                • String ID:
                                                                                                • API String ID: 87235514-0
                                                                                                • Opcode ID: fbf8eb94ff21cb73487f06409bdd2a6409e1eabc91d9849129ea8f360a5bbaf8
                                                                                                • Instruction ID: e6178ba3737a60feb602d39ae8bf73bf5befe46a039e91df6d6da45d48b73822
                                                                                                • Opcode Fuzzy Hash: fbf8eb94ff21cb73487f06409bdd2a6409e1eabc91d9849129ea8f360a5bbaf8
                                                                                                • Instruction Fuzzy Hash: 0851D1A15047D53DFB3282268C95BBABEEDAF46300F1885D8F1D5568C2C394FC98D762
                                                                                                APIs
                                                                                                • GetConsoleCP.KERNEL32(00BC3CD6,?,?,?,?,?,?,?,?,00BB5BA3,?,?,00BC3CD6,?,?), ref: 00BB5470
                                                                                                • __fassign.LIBCMT ref: 00BB54EB
                                                                                                • __fassign.LIBCMT ref: 00BB5506
                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00BC3CD6,00000005,00000000,00000000), ref: 00BB552C
                                                                                                • WriteFile.KERNEL32(?,00BC3CD6,00000000,00BB5BA3,00000000,?,?,?,?,?,?,?,?,?,00BB5BA3,?), ref: 00BB554B
                                                                                                • WriteFile.KERNEL32(?,?,00000001,00BB5BA3,00000000,?,?,?,?,?,?,?,?,?,00BB5BA3,?), ref: 00BB5584
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                • String ID:
                                                                                                • API String ID: 1324828854-0
                                                                                                • Opcode ID: fcfdba36153b4d2fce44cf987d83800e4b1bb2b4a289e60d5ec8848f9d5258c6
                                                                                                • Instruction ID: 5fd3e1657363bf93e5ce1f3c98c4309321f2d05004bf565d7b3d889bf24b040a
                                                                                                • Opcode Fuzzy Hash: fcfdba36153b4d2fce44cf987d83800e4b1bb2b4a289e60d5ec8848f9d5258c6
                                                                                                • Instruction Fuzzy Hash: FD51D371A00648AFDB20CFA8D881BFEBBF9EF19301F14419AF555E7291D7B09A41CB61
                                                                                                APIs
                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00C16C33
                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00C16C4A
                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00C16C73
                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00BFAB79,00000000,00000000), ref: 00C16C98
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00C16CC7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 3688381893-3302991505
                                                                                                • Opcode ID: c3b1c05ea6f329513922c3b6f270661ce3c8bcd4fea9a359d0ffe339ad434d97
                                                                                                • Instruction ID: fd3229eca785378ddd9154df8e7d8ea4878e3fc05759328a5e5c8812c4e2e790
                                                                                                • Opcode Fuzzy Hash: c3b1c05ea6f329513922c3b6f270661ce3c8bcd4fea9a359d0ffe339ad434d97
                                                                                                • Instruction Fuzzy Hash: 4E41B935604104AFD724CF29CC68FE97BA5EB0B350F154258FDA5A72E0D771EE81EA90
                                                                                                APIs
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00BA2D4B
                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00BA2D53
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00BA2DE1
                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00BA2E0C
                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00BA2E61
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                • String ID: csm
                                                                                                • API String ID: 1170836740-1018135373
                                                                                                • Opcode ID: a1b34cec62deafe560d7154736acab34ce4a806fad72426f11aa4caff2752222
                                                                                                • Instruction ID: e87612afbbc5a2c586f57407a3d4b02216dadcf71b4db5a925c7e7c0b5599b3a
                                                                                                • Opcode Fuzzy Hash: a1b34cec62deafe560d7154736acab34ce4a806fad72426f11aa4caff2752222
                                                                                                • Instruction Fuzzy Hash: 8E41A134A08209ABCF10DF6CC885A9EBBF5FF46324F1481A5F8156B392D735EA15CB90
                                                                                                APIs
                                                                                                  • Part of subcall function 00C0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C0307A
                                                                                                  • Part of subcall function 00C0304E: _wcslen.LIBCMT ref: 00C0309B
                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00C01112
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C01121
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C011C9
                                                                                                • closesocket.WSOCK32(00000000), ref: 00C011F9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                • String ID:
                                                                                                • API String ID: 2675159561-0
                                                                                                • Opcode ID: aef970fbcc94a0819c6f20981ad9f6f6ed32ecff9336cd0e69e090b50fb85f0f
                                                                                                • Instruction ID: ad45c3ab10acbac094e4f55e3eb1dcf65463145ea2c5a3dc5d71bd9fb6992588
                                                                                                • Opcode Fuzzy Hash: aef970fbcc94a0819c6f20981ad9f6f6ed32ecff9336cd0e69e090b50fb85f0f
                                                                                                • Instruction Fuzzy Hash: A341B171600204AFEB149F14C884BAEBBE9FF45328F188059FD159B2D2C770AE41CBE1
                                                                                                APIs
                                                                                                  • Part of subcall function 00BEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BECF22,?), ref: 00BEDDFD
                                                                                                  • Part of subcall function 00BEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BECF22,?), ref: 00BEDE16
                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00BECF45
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00BECF7F
                                                                                                • _wcslen.LIBCMT ref: 00BED005
                                                                                                • _wcslen.LIBCMT ref: 00BED01B
                                                                                                • SHFileOperationW.SHELL32(?), ref: 00BED061
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                • String ID: \*.*
                                                                                                • API String ID: 3164238972-1173974218
                                                                                                • Opcode ID: a02503aab4cd59f2f9786a67367b730670568379cab457124a9169fd0f20b591
                                                                                                • Instruction ID: cc8c148fd19376bdff8bf3193bde9ec349e0e66ae4cba15ba69e9a989af503a5
                                                                                                • Opcode Fuzzy Hash: a02503aab4cd59f2f9786a67367b730670568379cab457124a9169fd0f20b591
                                                                                                • Instruction Fuzzy Hash: 244156719452585FDF12EBA5C981BDEB7F9EF09380F0000E6E509EB142EB74E689CB50
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C13E35
                                                                                                • IsMenu.USER32(?), ref: 00C13E4A
                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C13E92
                                                                                                • DrawMenuBar.USER32 ref: 00C13EA5
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                • String ID: 0$Hf
                                                                                                • API String ID: 3076010158-2882497664
                                                                                                • Opcode ID: 43566dd3adb00e906ef6cee4d18e7e296b06a7d0e0ac73c4601fe5fcbdedc93c
                                                                                                • Instruction ID: 2c25b882c89b284ab602c310933ba9e1ae9f04916ed7ccdb75f0e5eacc5513c0
                                                                                                • Opcode Fuzzy Hash: 43566dd3adb00e906ef6cee4d18e7e296b06a7d0e0ac73c4601fe5fcbdedc93c
                                                                                                • Instruction Fuzzy Hash: CF413875A00349AFDB10DF50D884AEABBB9FF4A358F044129F915A7390D730AE85EB50
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BE7769
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BE778F
                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00BE7792
                                                                                                • SysAllocString.OLEAUT32(?), ref: 00BE77B0
                                                                                                • SysFreeString.OLEAUT32(?), ref: 00BE77B9
                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00BE77DE
                                                                                                • SysAllocString.OLEAUT32(?), ref: 00BE77EC
                                                                                                Similarity
                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                • String ID:
                                                                                                • API String ID: 3761583154-0
                                                                                                • Opcode ID: c957f613d0f55314608f72ec776fe1a2c88107fea75bfcd7dd7b4cdc830ef715
                                                                                                • Instruction ID: 806f342d9d20fbce25f260c3dcc737c1dac2c893175174726cd75fa8e471f617
                                                                                                • Opcode Fuzzy Hash: c957f613d0f55314608f72ec776fe1a2c88107fea75bfcd7dd7b4cdc830ef715
                                                                                                • Instruction Fuzzy Hash: BB217C76648219AFDB109FA9CC88EFB77ECEB0A7647148065BA15DB190DB70DC4287A0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BE7842
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BE7868
                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00BE786B
                                                                                                • SysAllocString.OLEAUT32 ref: 00BE788C
                                                                                                • SysFreeString.OLEAUT32 ref: 00BE7895
                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00BE78AF
                                                                                                • SysAllocString.OLEAUT32(?), ref: 00BE78BD
                                                                                                Similarity
                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                • String ID:
                                                                                                • API String ID: 3761583154-0
                                                                                                • Opcode ID: 7ed23fbcaa4646013de5ee03bafffecd5fe5e323abc18f12345a76882f2777be
                                                                                                • Instruction ID: 6345198c9c255958cc086a817e1e8e65ed62d40c8ea268c94de03b633e0f3fc3
                                                                                                • Opcode Fuzzy Hash: 7ed23fbcaa4646013de5ee03bafffecd5fe5e323abc18f12345a76882f2777be
                                                                                                • Instruction Fuzzy Hash: 4B21AC31648214AFAB10ABAACCCCEBA77ECFB193607108165F914CB2A0DB74DC41CB64
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 00BF04F2
                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BF052E
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CreateHandlePipe
                                                                                                • String ID: nul
                                                                                                • API String ID: 1424370930-2873401336
                                                                                                • Opcode ID: 3d78252947e11fecaa362f1155908d4d0ff8e1c5d3bec28271c1e824f4a1cce2
                                                                                                • Instruction ID: ebc620b22f5209dd93484f9d4ec9a0a6cadb1d6f183e8161938453830e9108d4
                                                                                                • Opcode Fuzzy Hash: 3d78252947e11fecaa362f1155908d4d0ff8e1c5d3bec28271c1e824f4a1cce2
                                                                                                • Instruction Fuzzy Hash: 05216F71510209ABDB20AF29D884BAA77E4FF55724F204A59F9A1971F2D7B09944CF20
                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 00BF05C6
                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BF0601
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CreateHandlePipe
                                                                                                • String ID: nul
                                                                                                • API String ID: 1424370930-2873401336
                                                                                                • Opcode ID: 7c1d70c6ea5afc04fe5f106ae93928114dec2dfdbb814d8d8e676909d3a49c74
                                                                                                • Instruction ID: 79726cf14e3361e21eb0c0e200c3efbb3a576a8c0119996b3fc011186c945d8a
                                                                                                • Opcode Fuzzy Hash: 7c1d70c6ea5afc04fe5f106ae93928114dec2dfdbb814d8d8e676909d3a49c74
                                                                                                • Instruction Fuzzy Hash: C821D675510319ABDB20AF688C44BAA77E4FF95720F204A59FAA1D72F1D7B09854CB10
                                                                                                APIs
                                                                                                  • Part of subcall function 00B8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B8604C
                                                                                                  • Part of subcall function 00B8600E: GetStockObject.GDI32(00000011), ref: 00B86060
                                                                                                  • Part of subcall function 00B8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B8606A
                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00C14112
                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00C1411F
                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00C1412A
                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00C14139
                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00C14145
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                                                • String ID: Msctls_Progress32
                                                                                                • API String ID: 1025951953-3636473452
                                                                                                • Opcode ID: 6e461a0038326dadd0d2329b192aab96ca9cf4890bad62b92a118223b096e864
                                                                                                • Instruction ID: a504224efad4740dd3eeb3be99ec10c7ee7f52851caa4b7dbdfdfc77f43319bb
                                                                                                • Opcode Fuzzy Hash: 6e461a0038326dadd0d2329b192aab96ca9cf4890bad62b92a118223b096e864
                                                                                                • Instruction Fuzzy Hash: 5F11B2B2140219BEEF119F64CC85EEB7FADEF09798F114110FA18A6090C7729C61DBA4
                                                                                                APIs
                                                                                                  • Part of subcall function 00BBD7A3: _free.LIBCMT ref: 00BBD7CC
                                                                                                • _free.LIBCMT ref: 00BBD82D
                                                                                                  • Part of subcall function 00BB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000), ref: 00BB29DE
                                                                                                  • Part of subcall function 00BB29C8: GetLastError.KERNEL32(00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000,00000000), ref: 00BB29F0
                                                                                                • _free.LIBCMT ref: 00BBD838
                                                                                                • _free.LIBCMT ref: 00BBD843
                                                                                                • _free.LIBCMT ref: 00BBD897
                                                                                                • _free.LIBCMT ref: 00BBD8A2
                                                                                                • _free.LIBCMT ref: 00BBD8AD
                                                                                                • _free.LIBCMT ref: 00BBD8B8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00BEDA74
                                                                                                • LoadStringW.USER32(00000000), ref: 00BEDA7B
                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00BEDA91
                                                                                                • LoadStringW.USER32(00000000), ref: 00BEDA98
                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00BEDADC
                                                                                                Strings
                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 00BEDAB9
                                                                                                Similarity
                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                • API String ID: 4072794657-3128320259
                                                                                                APIs
                                                                                                • InterlockedExchange.KERNEL32(00E0DDB0,00E0DDB0), ref: 00BF097B
                                                                                                • EnterCriticalSection.KERNEL32(00E0DD90,00000000), ref: 00BF098D
                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 00BF099B
                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00BF09A9
                                                                                                • CloseHandle.KERNEL32(?), ref: 00BF09B8
                                                                                                • InterlockedExchange.KERNEL32(00E0DDB0,000001F6), ref: 00BF09C8
                                                                                                • LeaveCriticalSection.KERNEL32(00E0DD90), ref: 00BF09CF
                                                                                                Similarity
                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                • String ID:
                                                                                                • API String ID: 3495660284-0
                                                                                                APIs
                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00C01DC0
                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00C01DE1
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C01DF2
                                                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00C01EDB
                                                                                                • inet_ntoa.WSOCK32(?), ref: 00C01E8C
                                                                                                  • Part of subcall function 00BE39E8: _strlen.LIBCMT ref: 00BE39F2
                                                                                                  • Part of subcall function 00C03224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00BFEC0C), ref: 00C03240
                                                                                                • _strlen.LIBCMT ref: 00C01F35
                                                                                                Similarity
                                                                                                • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                • String ID:
                                                                                                • API String ID: 3203458085-0
                                                                                                APIs
                                                                                                • GetClientRect.USER32(?,?), ref: 00B85D30
                                                                                                • GetWindowRect.USER32(?,?), ref: 00B85D71
                                                                                                • ScreenToClient.USER32(?,?), ref: 00B85D99
                                                                                                • GetClientRect.USER32(?,?), ref: 00B85ED7
                                                                                                • GetWindowRect.USER32(?,?), ref: 00B85EF8
                                                                                                Similarity
                                                                                                • API ID: Rect$Client$Window$Screen
                                                                                                • String ID:
                                                                                                • API String ID: 1296646539-0
                                                                                                APIs
                                                                                                • __allrem.LIBCMT ref: 00BB00BA
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB00D6
                                                                                                • __allrem.LIBCMT ref: 00BB00ED
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB010B
                                                                                                • __allrem.LIBCMT ref: 00BB0122
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BB0140
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                • String ID:
                                                                                                • API String ID: 1992179935-0
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00BA82D9,00BA82D9,?,?,?,00BB644F,00000001,00000001,8BE85006), ref: 00BB6258
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00BB644F,00000001,00000001,8BE85006,?,?,?), ref: 00BB62DE
                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00BB63D8
                                                                                                • __freea.LIBCMT ref: 00BB63E5
                                                                                                  • Part of subcall function 00BB3820: RtlAllocateHeap.NTDLL(00000000,?,00C51444,?,00B9FDF5,?,?,00B8A976,00000010,00C51440,00B813FC,?,00B813C6,?,00B81129), ref: 00BB3852
                                                                                                • __freea.LIBCMT ref: 00BB63EE
                                                                                                • __freea.LIBCMT ref: 00BB6413
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1414292761-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00C0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C0B6AE,?,?), ref: 00C0C9B5
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0C9F1
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA68
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C0BCCA
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C0BD25
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C0BD6A
                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00C0BD99
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C0BDF3
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00C0BDFF
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                • String ID:
                                                                                                • API String ID: 1120388591-0
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(00000035), ref: 00BDF7B9
                                                                                                • SysAllocString.OLEAUT32(00000001), ref: 00BDF860
                                                                                                • VariantCopy.OLEAUT32(00BDFA64,00000000), ref: 00BDF889
                                                                                                • VariantClear.OLEAUT32(00BDFA64), ref: 00BDF8AD
                                                                                                • VariantCopy.OLEAUT32(00BDFA64,00000000), ref: 00BDF8B1
                                                                                                • VariantClear.OLEAUT32(?), ref: 00BDF8BB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                • String ID:
                                                                                                • API String ID: 3859894641-0
                                                                                                • Opcode ID: 4a804b6c129250446d2973240a4faefdcac969e8a78f0dc46652746975205644
                                                                                                • Instruction ID: 6f5e91ebd4e04253fa16453b606bd8d4b78fdfcc3497e47411d037eb98a5c450
                                                                                                • Opcode Fuzzy Hash: 4a804b6c129250446d2973240a4faefdcac969e8a78f0dc46652746975205644
                                                                                                • Instruction Fuzzy Hash: C251A331958312AACF10AB65D8E5B79F3E4EF45310B2484E7E907DF391EA748C40C79A
                                                                                                APIs
                                                                                                  • Part of subcall function 00B87620: _wcslen.LIBCMT ref: 00B87625
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00BF94E5
                                                                                                • _wcslen.LIBCMT ref: 00BF9506
                                                                                                • _wcslen.LIBCMT ref: 00BF952D
                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00BF9585
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$FileName$OpenSave
                                                                                                • String ID: X
                                                                                                • API String ID: 83654149-3081909835
                                                                                                • Opcode ID: 643757436e27d65d4e611cd6c5dbf0a1ee0b90f9b757a5471ed123604b465390
                                                                                                • Instruction ID: abe12d7eb028a71886418526ecab2b054d267ca99ff217b1620cf1b8f9ef85cd
                                                                                                • Opcode Fuzzy Hash: 643757436e27d65d4e611cd6c5dbf0a1ee0b90f9b757a5471ed123604b465390
                                                                                                • Instruction Fuzzy Hash: 17E1A1715083018FDB24EF24C481B6AB7E4FF95314F1489ADF9999B2A2DB31DD09CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • BeginPaint.USER32(?,?,?), ref: 00B99241
                                                                                                • GetWindowRect.USER32(?,?), ref: 00B992A5
                                                                                                • ScreenToClient.USER32(?,?), ref: 00B992C2
                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00B992D3
                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00B99321
                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00BD71EA
                                                                                                  • Part of subcall function 00B99339: BeginPath.GDI32(00000000), ref: 00B99357
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                • String ID:
                                                                                                • API String ID: 3050599898-0
                                                                                                • Opcode ID: 8ad0f097ebf1639dbf6056fd9a404c341e87cf64ebd2f83f9bb85e8c5e5ac432
                                                                                                • Instruction ID: c5770fd144f9533ba023daa85b3eafa888527623701c703eb2a99eea6f63d5fe
                                                                                                • Opcode Fuzzy Hash: 8ad0f097ebf1639dbf6056fd9a404c341e87cf64ebd2f83f9bb85e8c5e5ac432
                                                                                                • Instruction Fuzzy Hash: D441BE74148300AFDB20DF28D8C8FAA7BE8EB46321F1442ADF964972A1D7309845DB61
                                                                                                APIs
                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 00BF080C
                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00BF0847
                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 00BF0863
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00BF08DC
                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00BF08F3
                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00BF0921
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                • String ID:
                                                                                                • API String ID: 3368777196-0
                                                                                                • Opcode ID: c0a2d21e9accdccb504d62b4673c9146f227d2f0959afa24d206e4d76d3e04fe
                                                                                                • Instruction ID: b66a9d1c3b5c3d689dfd85ba6092547c433b9baa5405dde39dceeec0ae67b5c3
                                                                                                • Opcode Fuzzy Hash: c0a2d21e9accdccb504d62b4673c9146f227d2f0959afa24d206e4d76d3e04fe
                                                                                                • Instruction Fuzzy Hash: 8D415975A10209ABDF14AF54DC85BAA77B9FF05310F1480A5ED009B2A7DB30DE65DBA0
                                                                                                APIs
                                                                                                • IsWindowVisible.USER32(?), ref: 00BE4C95
                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00BE4CB2
                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00BE4CEA
                                                                                                • _wcslen.LIBCMT ref: 00BE4D08
                                                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00BE4D10
                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00BE4D1A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                • String ID:
                                                                                                • API String ID: 72514467-0
                                                                                                • Opcode ID: ec9ee5df035fa31e0f54f99e075984933fb8e04229996ea3bc033dab6bf13dd6
                                                                                                • Instruction ID: 348fe2bb33aec980f379e6fe6661f55c2ebbc72885b311a8c5ed9f12fa295b5c
                                                                                                • Opcode Fuzzy Hash: ec9ee5df035fa31e0f54f99e075984933fb8e04229996ea3bc033dab6bf13dd6
                                                                                                • Instruction Fuzzy Hash: F121A771604245BBEB155B2A9C89F7F7BDCDF46750F10C0B9F805CA191DB61DC4196A0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B83A97,?,?,00B82E7F,?,?,?,00000000), ref: 00B83AC2
                                                                                                • _wcslen.LIBCMT ref: 00BF587B
                                                                                                • CoInitialize.OLE32(00000000), ref: 00BF5995
                                                                                                • CoCreateInstance.OLE32(00C1FCF8,00000000,00000001,00C1FB68,?), ref: 00BF59AE
                                                                                                • CoUninitialize.OLE32 ref: 00BF59CC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                • String ID: .lnk
                                                                                                • API String ID: 3172280962-24824748
                                                                                                • Opcode ID: f80431da8ccdaebc82da78affcbbbc30effac34d12e4deeb22dd65e191f947ee
                                                                                                • Instruction ID: 9ab0bab76179a84fe4e253b560f26434e52789cc07bdeab740d7ccef4ae616c2
                                                                                                • Opcode Fuzzy Hash: f80431da8ccdaebc82da78affcbbbc30effac34d12e4deeb22dd65e191f947ee
                                                                                                • Instruction Fuzzy Hash: D0D177706087059FC724DF14C484A6ABBE5FF89714F14889DFA899B361DB31EC49CB92
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00BE0FCA
                                                                                                  • Part of subcall function 00BE0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00BE0FD6
                                                                                                  • Part of subcall function 00BE0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00BE0FE5
                                                                                                  • Part of subcall function 00BE0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00BE0FEC
                                                                                                  • Part of subcall function 00BE0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00BE1002
                                                                                                • GetLengthSid.ADVAPI32(?,00000000,00BE1335), ref: 00BE17AE
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00BE17BA
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00BE17C1
                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 00BE17DA
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00BE1335), ref: 00BE17EE
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE17F5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                • String ID:
                                                                                                • API String ID: 3008561057-0
                                                                                                • Opcode ID: 21838b943f74c4864c6c3fdd9f9a0f2167f748880aafc167e2f5f8c1b8608f18
                                                                                                • Instruction ID: 3f7c1c78461d168ccf526e430a2698c5fb2633337a80525ae8dd88d855985259
                                                                                                • Opcode Fuzzy Hash: 21838b943f74c4864c6c3fdd9f9a0f2167f748880aafc167e2f5f8c1b8608f18
                                                                                                • Instruction Fuzzy Hash: B411ACB1580205FFDB10DFA9CC89BAE7BE9FB46755F208898F48197210C735AD40CB60
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00BE14FF
                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00BE1506
                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00BE1515
                                                                                                • CloseHandle.KERNEL32(00000004), ref: 00BE1520
                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00BE154F
                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00BE1563
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                • String ID:
                                                                                                • API String ID: 1413079979-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,00BA3379,00BA2FE5), ref: 00BA3390
                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BA339E
                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BA33B7
                                                                                                • SetLastError.KERNEL32(00000000,?,00BA3379,00BA2FE5), ref: 00BA3409
                                                                                                Similarity
                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                • String ID:
                                                                                                • API String ID: 3852720340-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,00BB5686,00BC3CD6,?,00000000,?,00BB5B6A,?,?,?,?,?,00BAE6D1,?,00C48A48), ref: 00BB2D78
                                                                                                • _free.LIBCMT ref: 00BB2DAB
                                                                                                • _free.LIBCMT ref: 00BB2DD3
                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00BAE6D1,?,00C48A48,00000010,00B84F4A,?,?,00000000,00BC3CD6), ref: 00BB2DE0
                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00BAE6D1,?,00C48A48,00000010,00B84F4A,?,?,00000000,00BC3CD6), ref: 00BB2DEC
                                                                                                • _abort.LIBCMT ref: 00BB2DF2
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                • String ID:
                                                                                                • API String ID: 3160817290-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B99693
                                                                                                  • Part of subcall function 00B99639: SelectObject.GDI32(?,00000000), ref: 00B996A2
                                                                                                  • Part of subcall function 00B99639: BeginPath.GDI32(?), ref: 00B996B9
                                                                                                  • Part of subcall function 00B99639: SelectObject.GDI32(?,00000000), ref: 00B996E2
                                                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00C18A4E
                                                                                                • LineTo.GDI32(?,00000003,00000000), ref: 00C18A62
                                                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00C18A70
                                                                                                • LineTo.GDI32(?,00000000,00000003), ref: 00C18A80
                                                                                                • EndPath.GDI32(?), ref: 00C18A90
                                                                                                • StrokePath.GDI32(?), ref: 00C18AA0
                                                                                                Similarity
                                                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                • String ID:
                                                                                                • API String ID: 43455801-0
                                                                                                APIs
                                                                                                • GetDC.USER32(00000000), ref: 00BE5218
                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00BE5229
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BE5230
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00BE5238
                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00BE524F
                                                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00BE5261
                                                                                                Similarity
                                                                                                • API ID: CapsDevice$Release
                                                                                                • String ID:
                                                                                                • API String ID: 1035833867-0
                                                                                                APIs
                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00B81BF4
                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00B81BFC
                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00B81C07
                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00B81C12
                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00B81C1A
                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B81C22
                                                                                                Similarity
                                                                                                • API ID: Virtual
                                                                                                • String ID:
                                                                                                • API String ID: 4278518827-0
                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00BEEB30
                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00BEEB46
                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00BEEB55
                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BEEB64
                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BEEB6E
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BEEB75
                                                                                                Similarity
                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                • String ID:
                                                                                                • API String ID: 839392675-0
                                                                                                APIs
                                                                                                • GetClientRect.USER32(?), ref: 00BD7452
                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 00BD7469
                                                                                                • GetWindowDC.USER32(?), ref: 00BD7475
                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 00BD7484
                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00BD7496
                                                                                                • GetSysColor.USER32(00000005), ref: 00BD74B0
                                                                                                Similarity
                                                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                • String ID:
                                                                                                • API String ID: 272304278-0
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BE187F
                                                                                                • UnloadUserProfile.USERENV(?,?), ref: 00BE188B
                                                                                                • CloseHandle.KERNEL32(?), ref: 00BE1894
                                                                                                • CloseHandle.KERNEL32(?), ref: 00BE189C
                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00BE18A5
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE18AC
                                                                                                Similarity
                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                • String ID:
                                                                                                • API String ID: 146765662-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B87620: _wcslen.LIBCMT ref: 00B87625
                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BEC6EE
                                                                                                • _wcslen.LIBCMT ref: 00BEC735
                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BEC79C
                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00BEC7CA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                • String ID: 0
                                                                                                • API String ID: 1227352736-4108050209
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 00C162E2
                                                                                                • ScreenToClient.USER32(?,?), ref: 00C16315
                                                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00C16382
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ClientMoveRectScreen
                                                                                                • String ID: Hf
                                                                                                • API String ID: 3880355969-3302991505
                                                                                                APIs
                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00BE7206
                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00BE723C
                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00BE724D
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00BE72CF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                • String ID: DllGetClassObject
                                                                                                • API String ID: 753597075-1075368562
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00C15352
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C15375
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C15382
                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00C153A8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                • String ID: Hf
                                                                                                • API String ID: 3340791633-3302991505
                                                                                                APIs
                                                                                                • ClientToScreen.USER32(?,?), ref: 00C1769A
                                                                                                • GetWindowRect.USER32(?,?), ref: 00C17710
                                                                                                • PtInRect.USER32(?,?,00C18B89), ref: 00C17720
                                                                                                • MessageBeep.USER32(00000000), ref: 00C1778C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 1352109105-3302991505
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BE3CCA
                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00BE1E66
                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00BE1E79
                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00BE1EA9
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 2081771294-1403004172
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00C14705
                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00C14713
                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00C1471A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                • String ID: Hf$msctls_updown32
                                                                                                • API String ID: 4014797782-2933906233
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • GetCursorPos.USER32(?), ref: 00C19001
                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00BD7711,?,?,?,?,?), ref: 00C19016
                                                                                                • GetCursorPos.USER32(?), ref: 00C1905E
                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00BD7711,?,?,?), ref: 00C19094
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 2864067406-3302991505
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00C12F8D
                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00C12F94
                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00C12FA9
                                                                                                • DestroyWindow.USER32(?), ref: 00C12FB1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                • String ID: SysAnimate32
                                                                                                • API String ID: 3529120543-1011021900
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000008), ref: 00B998CC
                                                                                                • SetTextColor.GDI32(?,?), ref: 00B998D6
                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00B998E9
                                                                                                • GetStockObject.GDI32(00000005), ref: 00B998F1
                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00B99952
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Color$LongModeObjectStockTextWindow
                                                                                                • String ID: Hf
                                                                                                • API String ID: 1860813098-3302991505
                                                                                                APIs
                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00BA4D1E,00BB28E9,?,00BA4CBE,00BB28E9,00C488B8,0000000C,00BA4E15,00BB28E9,00000002), ref: 00BA4D8D
                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BA4DA0
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00BA4D1E,00BB28E9,?,00BA4CBE,00BB28E9,00C488B8,0000000C,00BA4E15,00BB28E9,00000002,00000000), ref: 00BA4DC3
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                • API String ID: 4061214504-1276376045
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B84EDD,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84E9C
                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00B84EAE
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00B84EDD,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84EC0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                • API String ID: 145871493-3689287502
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BC3CDE,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84E62
                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00B84E74
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00BC3CDE,?,00C51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B84E87
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                • API String ID: 145871493-1355242751
                                                                                                APIs
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BF2C05
                                                                                                • DeleteFileW.KERNEL32(?), ref: 00BF2C87
                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00BF2C9D
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BF2CAE
                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BF2CC0
                                                                                                Similarity
                                                                                                • API ID: File$Delete$Copy
                                                                                                • String ID:
                                                                                                • API String ID: 3226157194-0
                                                                                                APIs
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00C0A427
                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00C0A435
                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00C0A468
                                                                                                • CloseHandle.KERNEL32(?), ref: 00C0A63D
                                                                                                Similarity
                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                • String ID:
                                                                                                • API String ID: 3488606520-0
                                                                                                APIs
                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C23700), ref: 00BBBB91
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00C5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00BBBC09
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00C51270,000000FF,?,0000003F,00000000,?), ref: 00BBBC36
                                                                                                • _free.LIBCMT ref: 00BBBB7F
                                                                                                  • Part of subcall function 00BB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000), ref: 00BB29DE
                                                                                                  • Part of subcall function 00BB29C8: GetLastError.KERNEL32(00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000,00000000), ref: 00BB29F0
                                                                                                • _free.LIBCMT ref: 00BBBD4B
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                • String ID:
                                                                                                • API String ID: 1286116820-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00BEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BECF22,?), ref: 00BEDDFD
                                                                                                  • Part of subcall function 00BEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BECF22,?), ref: 00BEDE16
                                                                                                  • Part of subcall function 00BEE199: GetFileAttributesW.KERNEL32(?,00BECF95), ref: 00BEE19A
                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00BEE473
                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00BEE4AC
                                                                                                • _wcslen.LIBCMT ref: 00BEE5EB
                                                                                                • _wcslen.LIBCMT ref: 00BEE603
                                                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00BEE650
                                                                                                Similarity
                                                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 3183298772-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00C0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C0B6AE,?,?), ref: 00C0C9B5
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0C9F1
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA68
                                                                                                  • Part of subcall function 00C0C998: _wcslen.LIBCMT ref: 00C0CA9E
                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C0BAA5
                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C0BB00
                                                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00C0BB63
                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 00C0BBA6
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C0BBB3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                • String ID:
                                                                                                • API String ID: 826366716-0
                                                                                                APIs
                                                                                                • VariantInit.OLEAUT32(?), ref: 00BE8BCD
                                                                                                • VariantClear.OLEAUT32 ref: 00BE8C3E
                                                                                                • VariantClear.OLEAUT32 ref: 00BE8C9D
                                                                                                • VariantClear.OLEAUT32(?), ref: 00BE8D10
                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00BE8D3B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                • String ID:
                                                                                                • API String ID: 4136290138-0
                                                                                                APIs
                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00BF8BAE
                                                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00BF8BDA
                                                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00BF8C32
                                                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00BF8C57
                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00BF8C5F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                • String ID:
                                                                                                • API String ID: 2832842796-0
                                                                                                APIs
                                                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00C08F40
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00C08FD0
                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 00C08FEC
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00C09032
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00C09052
                                                                                                  • Part of subcall function 00B9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00BF1043,?,7529E610), ref: 00B9F6E6
                                                                                                  • Part of subcall function 00B9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00BDFA64,00000000,00000000,?,?,00BF1043,?,7529E610,?,00BDFA64), ref: 00B9F70D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                • String ID:
                                                                                                • API String ID: 666041331-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                APIs
                                                                                                • GetCursorPos.USER32(?), ref: 00B99141
                                                                                                • ScreenToClient.USER32(00000000,?), ref: 00B9915E
                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 00B99183
                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 00B9919D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                • String ID:
                                                                                                • API String ID: 4210589936-0
                                                                                                APIs
                                                                                                • GetInputState.USER32 ref: 00BF38CB
                                                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00BF3922
                                                                                                • TranslateMessage.USER32(?), ref: 00BF394B
                                                                                                • DispatchMessageW.USER32(?), ref: 00BF3955
                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BF3966
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                • String ID:
                                                                                                • API String ID: 2256411358-0
                                                                                                APIs
                                                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00BFCF38
                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 00BFCF6F
                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,00BFC21E,00000000), ref: 00BFCFB4
                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00BFC21E,00000000), ref: 00BFCFC8
                                                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,00BFC21E,00000000), ref: 00BFCFF2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                • String ID:
                                                                                                • API String ID: 3191363074-0
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 00BE1915
                                                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 00BE19C1
                                                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 00BE19C9
                                                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 00BE19DA
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00BE19E2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3382505437-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00C15745
                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00C1579D
                                                                                                • _wcslen.LIBCMT ref: 00C157AF
                                                                                                • _wcslen.LIBCMT ref: 00C157BA
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C15816
                                                                                                Similarity
                                                                                                • API ID: MessageSend$_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 763830540-0
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000000), ref: 00C00951
                                                                                                • GetForegroundWindow.USER32 ref: 00C00968
                                                                                                • GetDC.USER32(00000000), ref: 00C009A4
                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00C009B0
                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00C009E8
                                                                                                Similarity
                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                • String ID:
                                                                                                • API String ID: 4156661090-0
                                                                                                APIs
                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00BBCDC6
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BBCDE9
                                                                                                  • Part of subcall function 00BB3820: RtlAllocateHeap.NTDLL(00000000,?,00C51444,?,00B9FDF5,?,?,00B8A976,00000010,00C51440,00B813FC,?,00B813C6,?,00B81129), ref: 00BB3852
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00BBCE0F
                                                                                                • _free.LIBCMT ref: 00BBCE22
                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00BBCE31
                                                                                                Similarity
                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 336800556-0
                                                                                                APIs
                                                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B99693
                                                                                                • SelectObject.GDI32(?,00000000), ref: 00B996A2
                                                                                                • BeginPath.GDI32(?), ref: 00B996B9
                                                                                                • SelectObject.GDI32(?,00000000), ref: 00B996E2
                                                                                                Similarity
                                                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                                                • String ID:
                                                                                                • API String ID: 3225163088-0
                                                                                                APIs
                                                                                                Similarity
                                                                                                • API ID: _memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 2931989736-0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,?,00BAF2DE,00BB3863,00C51444,?,00B9FDF5,?,?,00B8A976,00000010,00C51440,00B813FC,?,00B813C6), ref: 00BB2DFD
                                                                                                • _free.LIBCMT ref: 00BB2E32
                                                                                                • _free.LIBCMT ref: 00BB2E59
                                                                                                • SetLastError.KERNEL32(00000000,00B81129), ref: 00BB2E66
                                                                                                • SetLastError.KERNEL32(00000000,00B81129), ref: 00BB2E6F
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free
                                                                                                • String ID:
                                                                                                • API String ID: 3170660625-0
                                                                                                APIs
                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?,?,?,00BE035E), ref: 00BE002B
                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?,?), ref: 00BE0046
                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?,?), ref: 00BE0054
                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?), ref: 00BE0064
                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BDFF41,80070057,?,?), ref: 00BE0070
                                                                                                Similarity
                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 3897988419-0
                                                                                                APIs
                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00BEE997
                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 00BEE9A5
                                                                                                • Sleep.KERNEL32(00000000), ref: 00BEE9AD
                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00BEE9B7
                                                                                                • Sleep.KERNEL32 ref: 00BEE9F3
                                                                                                Similarity
                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                • String ID:
                                                                                                • API String ID: 2833360925-0
                                                                                                APIs
                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BE1114
                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE1120
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE112F
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BE0B9B,?,?,?), ref: 00BE1136
                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BE114D
                                                                                                Similarity
                                                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 842720411-0
                                                                                                APIs
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00BE0FCA
                                                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00BE0FD6
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00BE0FE5
                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00BE0FEC
                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00BE1002
                                                                                                Similarity
                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 44706859-0
                                                                                                APIs
                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00BE102A
                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00BE1036
                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BE1045
                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00BE104C
                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BE1062
                                                                                                Similarity
                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                • String ID:
                                                                                                • API String ID: 44706859-0
                                                                                                APIs
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00BF017D,?,00BF32FC,?,00000001,00BC2592,?), ref: 00BF0324
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00BF017D,?,00BF32FC,?,00000001,00BC2592,?), ref: 00BF0331
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00BF017D,?,00BF32FC,?,00000001,00BC2592,?), ref: 00BF033E
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00BF017D,?,00BF32FC,?,00000001,00BC2592,?), ref: 00BF034B
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00BF017D,?,00BF32FC,?,00000001,00BC2592,?), ref: 00BF0358
                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00BF017D,?,00BF32FC,?,00000001,00BC2592,?), ref: 00BF0365
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID:
                                                                                                • API String ID: 2962429428-0
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00BBD752
                                                                                                  • Part of subcall function 00BB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000), ref: 00BB29DE
                                                                                                  • Part of subcall function 00BB29C8: GetLastError.KERNEL32(00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000,00000000), ref: 00BB29F0
                                                                                                • _free.LIBCMT ref: 00BBD764
                                                                                                • _free.LIBCMT ref: 00BBD776
                                                                                                • _free.LIBCMT ref: 00BBD788
                                                                                                • _free.LIBCMT ref: 00BBD79A
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00BE5C58
                                                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 00BE5C6F
                                                                                                • MessageBeep.USER32(00000000), ref: 00BE5C87
                                                                                                • KillTimer.USER32(?,0000040A), ref: 00BE5CA3
                                                                                                • EndDialog.USER32(?,00000001), ref: 00BE5CBD
                                                                                                Similarity
                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3741023627-0
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00BB22BE
                                                                                                  • Part of subcall function 00BB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000), ref: 00BB29DE
                                                                                                  • Part of subcall function 00BB29C8: GetLastError.KERNEL32(00000000,?,00BBD7D1,00000000,00000000,00000000,00000000,?,00BBD7F8,00000000,00000007,00000000,?,00BBDBF5,00000000,00000000), ref: 00BB29F0
                                                                                                • _free.LIBCMT ref: 00BB22D0
                                                                                                • _free.LIBCMT ref: 00BB22E3
                                                                                                • _free.LIBCMT ref: 00BB22F4
                                                                                                • _free.LIBCMT ref: 00BB2305
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                APIs
                                                                                                • EndPath.GDI32(?), ref: 00B995D4
                                                                                                • StrokeAndFillPath.GDI32(?,?,00BD71F7,00000000,?,?,?), ref: 00B995F0
                                                                                                • SelectObject.GDI32(?,00000000), ref: 00B99603
                                                                                                • DeleteObject.GDI32 ref: 00B99616
                                                                                                • StrokePath.GDI32(?), ref: 00B99631
                                                                                                Similarity
                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                • String ID:
                                                                                                • API String ID: 2625713937-0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                 • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                 • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __freea$_free
                                                                                                • String ID: a/p$am/pm
                                                                                                • API String ID: 3432400110-3206640213
                                                                                                APIs
                                                                                                  • Part of subcall function 00BA0242: EnterCriticalSection.KERNEL32(00C5070C,00C51884,?,?,00B9198B,00C52518,?,?,?,00B812F9,00000000), ref: 00BA024D
                                                                                                  • Part of subcall function 00BA0242: LeaveCriticalSection.KERNEL32(00C5070C,?,00B9198B,00C52518,?,?,?,00B812F9,00000000), ref: 00BA028A
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BA00A3: __onexit.LIBCMT ref: 00BA00A9
                                                                                                • __Init_thread_footer.LIBCMT ref: 00C07BFB
                                                                                                  • Part of subcall function 00BA01F8: EnterCriticalSection.KERNEL32(00C5070C,?,?,00B98747,00C52514), ref: 00BA0202
                                                                                                  • Part of subcall function 00BA01F8: LeaveCriticalSection.KERNEL32(00C5070C,?,00B98747,00C52514), ref: 00BA0235
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                • API String ID: 535116098-3733170431
                                                                                                APIs
                                                                                                  • Part of subcall function 00BEB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BE21D0,?,?,00000034,00000800,?,00000034), ref: 00BEB42D
                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00BE2760
                                                                                                  • Part of subcall function 00BEB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BE21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00BEB3F8
                                                                                                  • Part of subcall function 00BEB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00BEB355
                                                                                                  • Part of subcall function 00BEB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00BE2194,00000034,?,?,00001004,00000000,00000000), ref: 00BEB365
                                                                                                  • Part of subcall function 00BEB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00BE2194,00000034,?,?,00001004,00000000,00000000), ref: 00BEB37B
                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BE27CD
                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BE281A
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                • String ID: @
                                                                                                • API String ID: 4150878124-2766056989
                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00BB1769
                                                                                                • _free.LIBCMT ref: 00BB1834
                                                                                                • _free.LIBCMT ref: 00BB183E
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _free$FileModuleName
                                                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                                                • API String ID: 2506810119-517116171
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00BEC306
                                                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 00BEC34C
                                                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00C51990,00E166C0), ref: 00BEC395
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$Delete$InfoItem
                                                                                                • String ID: 0
                                                                                                • API String ID: 135850232-4108050209
                                                                                                APIs
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00C1CC08,00000000,?,?,?,?), ref: 00C144AA
                                                                                                • GetWindowLongW.USER32 ref: 00C144C7
                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C144D7
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID: SysTreeView32
                                                                                                • API String ID: 847901565-1698111956
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00C1461F
                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C14634
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: '$Hf
                                                                                                • API String ID: 3850602802-162975424
                                                                                                APIs
                                                                                                  • Part of subcall function 00C0335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00C03077,?,?), ref: 00C03378
                                                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C0307A
                                                                                                • _wcslen.LIBCMT ref: 00C0309B
                                                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00C03106
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                • String ID: 255.255.255.255
                                                                                                • API String ID: 946324512-2422070025
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00C13F40
                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00C13F54
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C13F78
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window
                                                                                                • String ID: SysMonthCal32
                                                                                                • API String ID: 2326795674-1439706946
                                                                                                • Opcode ID: 288eb4d24856468793066d975387ca803757c092628391f70562caa722c38c66
                                                                                                • Instruction ID: aafac110db37cf6c53cace5d1f1ad34ffb7fc248dd3df8a6d09c14b4ca46c3de
                                                                                                • Opcode Fuzzy Hash: 288eb4d24856468793066d975387ca803757c092628391f70562caa722c38c66
                                                                                                • Instruction Fuzzy Hash: B321AD32600259BFDF218E90CC86FEE3B75EF49718F110254FA156B1D0D6B1A995DB90
                                                                                                APIs
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                • API String ID: 176396367-2734436370
                                                                                                • Opcode ID: 983582ee33208ddfc4f5b588a75cfcffc366ac4f5e4fc6ee3c6ea8d82af23af7
                                                                                                • Instruction ID: 737254e5c149852aed3bf7116e0aa064d55fec1c98202e1a4f89e1c132373964
                                                                                                • Opcode Fuzzy Hash: 983582ee33208ddfc4f5b588a75cfcffc366ac4f5e4fc6ee3c6ea8d82af23af7
                                                                                                • Instruction Fuzzy Hash: E8218B72248691ABC331BB269C02FBB73E8DFA2300F1044BAF94997041EB64DD89C395
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00C13840
                                                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00C13850
                                                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00C13876
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                • String ID: Listbox
                                                                                                • API String ID: 3315199576-2633736733
                                                                                                • Opcode ID: abd72a880ded4a7088c66922691cc94ab7f09d33f2f653729e3d5c1055380f12
                                                                                                • Instruction ID: c795b52e0b9290ebb00c9d5fc6c2fc901558c489ffd6ee8efb4a881ae4bb292a
                                                                                                • Opcode Fuzzy Hash: abd72a880ded4a7088c66922691cc94ab7f09d33f2f653729e3d5c1055380f12
                                                                                                • Instruction Fuzzy Hash: A521AC72600218BBEF218F54CC85FEB376AEF8A758F118125F9109B1D0C671DD9297A0
                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00BF4A08
                                                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00BF4A5C
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,00C1CC08), ref: 00BF4AD0
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                • String ID: %lu
                                                                                                • API String ID: 2507767853-685833217
                                                                                                • Opcode ID: de10e33e4417ce695c042063fac4f3d45efa646274a2db921de24ef297146ef1
                                                                                                • Instruction ID: 7bd93c5d642599aa488e1bcf5d91e66cd17bb7c8fb6b1836cd0c2cd0f1170569
                                                                                                • Opcode Fuzzy Hash: de10e33e4417ce695c042063fac4f3d45efa646274a2db921de24ef297146ef1
                                                                                                • Instruction Fuzzy Hash: A5312F75A40109AFDB10DF54C985EAE7BF8EF09308F1480A9F909DB262D771ED45CB61
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00C1424F
                                                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00C14264
                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00C14271
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: msctls_trackbar32
                                                                                                • API String ID: 3850602802-1010561917
                                                                                                • Opcode ID: ca3d6121964af740164b626fd2dfcb8fe674f45e5f748ea2da8e53591d197150
                                                                                                • Instruction ID: ff326e3ebd92322f6d205b7c99140183b2b61101a46ad18403a7ad04d1ff4198
                                                                                                • Opcode Fuzzy Hash: ca3d6121964af740164b626fd2dfcb8fe674f45e5f748ea2da8e53591d197150
                                                                                                • Instruction Fuzzy Hash: 0811C671240248BEEF205F69CC46FEB3BACEF96B54F110524FA55E60A0D671DCA1EB10
                                                                                                APIs
                                                                                                  • Part of subcall function 00B86B57: _wcslen.LIBCMT ref: 00B86B6A
                                                                                                  • Part of subcall function 00BE2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00BE2DC5
                                                                                                  • Part of subcall function 00BE2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BE2DD6
                                                                                                  • Part of subcall function 00BE2DA7: GetCurrentThreadId.KERNEL32 ref: 00BE2DDD
                                                                                                  • Part of subcall function 00BE2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00BE2DE4
                                                                                                • GetFocus.USER32 ref: 00BE2F78
                                                                                                  • Part of subcall function 00BE2DEE: GetParent.USER32(00000000), ref: 00BE2DF9
                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00BE2FC3
                                                                                                • EnumChildWindows.USER32(?,00BE303B), ref: 00BE2FEB
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                • String ID: %s%d
                                                                                                • API String ID: 1272988791-1110647743
                                                                                                • Opcode ID: d723012fe2ca52e2a1f53d74a135483ab5a7bcacdc15dc965488818b559f0522
                                                                                                • Instruction ID: 3f4a4e7f94d474f1086f1bca66619607a2b8ce04c53e8b38f7e06ffd7d3471ce
                                                                                                • Opcode Fuzzy Hash: d723012fe2ca52e2a1f53d74a135483ab5a7bcacdc15dc965488818b559f0522
                                                                                                • Instruction Fuzzy Hash: 5911A2756002456BDF157F618CCAFEE37EAAF94314F0480B5BA099B163DF309945CB60
                                                                                                APIs
                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00C158C1
                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00C158EE
                                                                                                • DrawMenuBar.USER32(?), ref: 00C158FD
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                • String ID: 0
                                                                                                • API String ID: 3227129158-4108050209
                                                                                                • Opcode ID: f5f6c8b72f7fe23b3ab309b1520a89296421bc13e68a9227fd7f4e0a4fec9fb2
                                                                                                • Instruction ID: 3c216bf51136b44f0689bf96c21c8a153af59824cb826f3139e43479ed22d98d
                                                                                                • Opcode Fuzzy Hash: f5f6c8b72f7fe23b3ab309b1520a89296421bc13e68a9227fd7f4e0a4fec9fb2
                                                                                                • Instruction Fuzzy Hash: AA015731600218EFDB219F11DC44BEEBBB9FB86360F1080A9F849D6151DB308A85EF21
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(?,00C518B0,00C1A364,000000FC,?,00000000,00000000,?,?,?,00BD76CF,?,?,?,?,?), ref: 00C17805
                                                                                                • GetFocus.USER32 ref: 00C1780D
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                  • Part of subcall function 00B99944: GetWindowLongW.USER32(?,000000EB), ref: 00B99952
                                                                                                • SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 00C1787A
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: Window$Long$FocusForegroundMessageSend
                                                                                                • String ID: Hf
                                                                                                • API String ID: 3601265619-3302991505
                                                                                                • Opcode ID: 2db3d8f7f12e60de0f41f4cbea54c7464cf0f66219293c37353cd1b644984b23
                                                                                                • Instruction ID: e79b2dee1c5edbd97ca4099e06a7b5581c8ef54f0df0ef7e79c313bc41067c2e
                                                                                                • Opcode Fuzzy Hash: 2db3d8f7f12e60de0f41f4cbea54c7464cf0f66219293c37353cd1b644984b23
                                                                                                • Instruction Fuzzy Hash: BE015E355012108FD725DB28D85CBAA33F5AF8A320B18026DE425972E0CB316D96CB40
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00BDD3BF
                                                                                                • FreeLibrary.KERNEL32 ref: 00BDD3E5
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                • API String ID: 3013587201-2590602151
                                                                                                • Opcode ID: 6c21ea10a387f21edb238bb8f10638317684dad1e13c84363e56e0a24a916477
                                                                                                • Instruction ID: bef6045579f53106f8a869d2f5bf411a363917af335fe14876d348f9705e5cc2
                                                                                                • Opcode Fuzzy Hash: 6c21ea10a387f21edb238bb8f10638317684dad1e13c84363e56e0a24a916477
                                                                                                • Instruction Fuzzy Hash: 9CF05C758C1A11ABCB310610CCD4FADF3A0FF02711BA982E6F881E2394F720CC808689
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                Similarity
                                                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                APIs
                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00C1FC08,?), ref: 00BE05F0
                                                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00C1FC08,?), ref: 00BE0608
                                                                                                • CLSIDFromProgID.OLE32(?,?,00000000,00C1CC40,000000FF,?,00000000,00000800,00000000,?,00C1FC08,?), ref: 00BE062D
                                                                                                • _memcmp.LIBVCRUNTIME ref: 00BE064E
                                                                                                Similarity
                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                APIs
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00C0A6AC
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00C0A6BA
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00C0A79C
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C0A7AB
                                                                                                  • Part of subcall function 00B9CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00BC3303,?), ref: 00B9CE8A
                                                                                                Similarity
                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                APIs
                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00C01AFD
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C01B0B
                                                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00C01B8A
                                                                                                • WSAGetLastError.WSOCK32 ref: 00C01B94
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$socket
                                                                                                APIs
                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00BF5783
                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00BF57A9
                                                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00BF57CE
                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00BF57FA
                                                                                                Similarity
                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00BA6D71,00000000,00000000,00BA82D9,?,00BA82D9,?,00000001,00BA6D71,8BE85006,00000001,00BA82D9,00BA82D9), ref: 00BBD910
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00BBD999
                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00BBD9AB
                                                                                                • __freea.LIBCMT ref: 00BBD9B4
                                                                                                  • Part of subcall function 00BB3820: RtlAllocateHeap.NTDLL(00000000,?,00C51444,?,00B9FDF5,?,?,00B8A976,00000010,00C51440,00B813FC,?,00B813C6,?,00B81129), ref: 00BB3852
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                APIs
                                                                                                • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00BEABF1
                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 00BEAC0D
                                                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 00BEAC74
                                                                                                • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00BEACC6
                                                                                                Similarity
                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                • String ID:
                                                                                                • API String ID: 432972143-0
                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32 ref: 00C116EB
                                                                                                  • Part of subcall function 00BE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BE3A57
                                                                                                  • Part of subcall function 00BE3A3D: GetCurrentThreadId.KERNEL32 ref: 00BE3A5E
                                                                                                  • Part of subcall function 00BE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BE25B3), ref: 00BE3A65
                                                                                                • GetCaretPos.USER32(?), ref: 00C116FF
                                                                                                • ClientToScreen.USER32(00000000,?), ref: 00C1174C
                                                                                                • GetForegroundWindow.USER32 ref: 00C11752
                                                                                                Similarity
                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                • String ID:
                                                                                                • API String ID: 2759813231-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B87620: _wcslen.LIBCMT ref: 00B87625
                                                                                                • _wcslen.LIBCMT ref: 00BEDFCB
                                                                                                • _wcslen.LIBCMT ref: 00BEDFE2
                                                                                                • _wcslen.LIBCMT ref: 00BEE00D
                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00BEE018
                                                                                                Similarity
                                                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                                                • String ID:
                                                                                                • API String ID: 3763101759-0
                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNEL32(?,00C1CB68), ref: 00BED2FB
                                                                                                • GetLastError.KERNEL32 ref: 00BED30A
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BED319
                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00C1CB68), ref: 00BED376
                                                                                                Similarity
                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                • String ID:
                                                                                                • API String ID: 2267087916-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00BE102A
                                                                                                  • Part of subcall function 00BE1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00BE1036
                                                                                                  • Part of subcall function 00BE1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BE1045
                                                                                                  • Part of subcall function 00BE1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00BE104C
                                                                                                  • Part of subcall function 00BE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BE1062
                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00BE15BE
                                                                                                • _memcmp.LIBVCRUNTIME ref: 00BE15E1
                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BE1617
                                                                                                • HeapFree.KERNEL32(00000000), ref: 00BE161E
                                                                                                Similarity
                                                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 1592001646-0
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00C1280A
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C12824
                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C12832
                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00C12840
                                                                                                Similarity
                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                • String ID:
                                                                                                • API String ID: 2169480361-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00BE8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00BE790A,?,000000FF,?,00BE8754,00000000,?,0000001C,?,?), ref: 00BE8D8C
                                                                                                  • Part of subcall function 00BE8D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00BE8DB2
                                                                                                  • Part of subcall function 00BE8D7D: lstrcmpiW.KERNEL32(00000000,?,00BE790A,?,000000FF,?,00BE8754,00000000,?,0000001C,?,?), ref: 00BE8DE3
                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00BE8754,00000000,?,0000001C,?,?,00000000), ref: 00BE7923
                                                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 00BE7949
                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00BE8754,00000000,?,0000001C,?,?,00000000), ref: 00BE7984
                                                                                                Strings
                                                                                                Similarity
                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                • String ID: cdecl
                                                                                                • API String ID: 4031866154-3896280584
                                                                                                APIs
                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C17D0B
                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00C17D2A
                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00C17D42
                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00BFB7AD,00000000), ref: 00C17D6B
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                Similarity
                                                                                                • API ID: Window$Long
                                                                                                • String ID:
                                                                                                • API String ID: 847901565-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 00C156BB
                                                                                                • _wcslen.LIBCMT ref: 00C156CD
                                                                                                • _wcslen.LIBCMT ref: 00C156D8
                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C15816
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend_wcslen
                                                                                                • String ID:
                                                                                                • API String ID: 455545452-0
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00BE1A47
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BE1A59
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BE1A6F
                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BE1A8A
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BEE1FD
                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 00BEE230
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00BEE246
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00BEE24D
                                                                                                Similarity
                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                • String ID:
                                                                                                • API String ID: 2880819207-0
                                                                                                APIs
                                                                                                • CreateThread.KERNEL32(00000000,?,00BACFF9,00000000,00000004,00000000), ref: 00BAD218
                                                                                                • GetLastError.KERNEL32 ref: 00BAD224
                                                                                                • __dosmaperr.LIBCMT ref: 00BAD22B
                                                                                                • ResumeThread.KERNEL32(00000000), ref: 00BAD249
                                                                                                Similarity
                                                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                • String ID:
                                                                                                • API String ID: 173952441-0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • GetClientRect.USER32(?,?), ref: 00C19F31
                                                                                                • GetCursorPos.USER32(?), ref: 00C19F3B
                                                                                                • ScreenToClient.USER32(?,?), ref: 00C19F46
                                                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00C19F7A
                                                                                                Similarity
                                                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                • String ID:
                                                                                                • API String ID: 4127811313-0
                                                                                                APIs
                                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B8604C
                                                                                                • GetStockObject.GDI32(00000011), ref: 00B86060
                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00B8606A
                                                                                                Similarity
                                                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                                                • String ID:
                                                                                                • API String ID: 3970641297-0
                                                                                                APIs
                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00BA3B56
                                                                                                  • Part of subcall function 00BA3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00BA3AD2
                                                                                                  • Part of subcall function 00BA3AA3: ___AdjustPointer.LIBCMT ref: 00BA3AED
                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00BA3B6B
                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00BA3B7C
                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00BA3BA4
                                                                                                Similarity
                                                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                • String ID:
                                                                                                • API String ID: 737400349-0
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00B813C6,00000000,00000000,?,00BB301A,00B813C6,00000000,00000000,00000000,?,00BB328B,00000006,FlsSetValue), ref: 00BB30A5
                                                                                                • GetLastError.KERNEL32(?,00BB301A,00B813C6,00000000,00000000,00000000,?,00BB328B,00000006,FlsSetValue,00C22290,FlsSetValue,00000000,00000364,?,00BB2E46), ref: 00BB30B1
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00BB301A,00B813C6,00000000,00000000,00000000,?,00BB328B,00000006,FlsSetValue,00C22290,FlsSetValue,00000000), ref: 00BB30BF
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 3177248105-0
                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00BE747F
                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00BE7497
                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00BE74AC
                                                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00BE74CA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                • String ID:
                                                                                                • API String ID: 1352324309-0
                                                                                                • Opcode ID: 7ce1583fd6d4f73de91bb0b47a2aedd499fd340bf0c5aa3fa1358064beca2d57
                                                                                                • Instruction ID: 41e3e92c72a223971a5a2d1a7174450686e1afb331b2d985bd4f2640f5cf7f9c
                                                                                                • Opcode Fuzzy Hash: 7ce1583fd6d4f73de91bb0b47a2aedd499fd340bf0c5aa3fa1358064beca2d57
                                                                                                • Instruction Fuzzy Hash: 6411A1B5289354ABE7208F15EC48FA67BFCFB00B00F10C5A9B616D6291DB70E904DB90
                                                                                                APIs
                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00BEACD3,?,00008000), ref: 00BEB0C4
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00BEACD3,?,00008000), ref: 00BEB0E9
                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00BEACD3,?,00008000), ref: 00BEB0F3
                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00BEACD3,?,00008000), ref: 00BEB126
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                • String ID:
                                                                                                • API String ID: 2875609808-0
                                                                                                • Opcode ID: cb73de5e27ceafa8537fdd2b263d7345e862df6ec3c0837e2cb14eedf77dd694
                                                                                                • Instruction ID: f801130c185268371dd7b2323adf7a9443eaee9c5b8c4d1019c0a37619576dd5
                                                                                                • Opcode Fuzzy Hash: cb73de5e27ceafa8537fdd2b263d7345e862df6ec3c0837e2cb14eedf77dd694
                                                                                                • Instruction Fuzzy Hash: 0D113C31C41658E7CF00AFE5E998BEFBBB8FF0A721F108095E941B2141CB3095509B52
                                                                                                APIs
                                                                                                • GetWindowRect.USER32(?,?), ref: 00C17E33
                                                                                                • ScreenToClient.USER32(?,?), ref: 00C17E4B
                                                                                                • ScreenToClient.USER32(?,?), ref: 00C17E6F
                                                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C17E8A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                • String ID:
                                                                                                • API String ID: 357397906-0
                                                                                                • Opcode ID: febb2c7bf9ab1fe408bc562da6c701292423a20ba2308cf9d1680b73630fdabd
                                                                                                • Instruction ID: fe4480a94306fab16c99b0beafb0f4d06885d3b622de568422772900a9b25adf
                                                                                                • Opcode Fuzzy Hash: febb2c7bf9ab1fe408bc562da6c701292423a20ba2308cf9d1680b73630fdabd
                                                                                                • Instruction Fuzzy Hash: 521143B9D0020AEFDB41CF98C884AEEBBF5FF09310F509156E915E2210D775AA55CF90
                                                                                                APIs
                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00BE2DC5
                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00BE2DD6
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00BE2DDD
                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00BE2DE4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2710830443-0
                                                                                                • Opcode ID: 52aa82573527c5d88ac9bdf71832723dfbe0bdcb2d6e7d17c66f2c8faf2c3caf
                                                                                                • Instruction ID: d1f6d40375eb1fe3e2281a3420b2c596e37348f216ada2976d3f48553c0b7555
                                                                                                • Opcode Fuzzy Hash: 52aa82573527c5d88ac9bdf71832723dfbe0bdcb2d6e7d17c66f2c8faf2c3caf
                                                                                                • Instruction Fuzzy Hash: 5CE06D71581224BAD7201B639C8DFEF3EACFB43BA1F008165B605D1080DAA0C841C6B0
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B99693
                                                                                                  • Part of subcall function 00B99639: SelectObject.GDI32(?,00000000), ref: 00B996A2
                                                                                                  • Part of subcall function 00B99639: BeginPath.GDI32(?), ref: 00B996B9
                                                                                                  • Part of subcall function 00B99639: SelectObject.GDI32(?,00000000), ref: 00B996E2
                                                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00C18887
                                                                                                • LineTo.GDI32(?,?,?), ref: 00C18894
                                                                                                • EndPath.GDI32(?), ref: 00C188A4
                                                                                                • StrokePath.GDI32(?), ref: 00C188B2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                • String ID:
                                                                                                • API String ID: 1539411459-0
                                                                                                • Opcode ID: 76cf27f2e5eef204d0e5099dd30a4c5b668c3259c139e07132b3f709c371eb41
                                                                                                • Instruction ID: c3d89ff00a51820a2612048135b63c982c86f1e96b28501da44cf9daa1a4d2dd
                                                                                                • Opcode Fuzzy Hash: 76cf27f2e5eef204d0e5099dd30a4c5b668c3259c139e07132b3f709c371eb41
                                                                                                • Instruction Fuzzy Hash: D1F03A36085258BAEB125F94AC0EFCE3B59AF0B711F048040FA11650E1C7755651DBE9
                                                                                                APIs
                                                                                                • GetSysColor.USER32(00000008), ref: 00B998CC
                                                                                                • SetTextColor.GDI32(?,?), ref: 00B998D6
                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00B998E9
                                                                                                • GetStockObject.GDI32(00000005), ref: 00B998F1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                • String ID:
                                                                                                • API String ID: 4037423528-0
                                                                                                • Opcode ID: bba26b41902082e2f259a17647018b8fff7ee01a2575e85935a03df63bd35aee
                                                                                                • Instruction ID: 6bc85ddb6fdc3df0c1609d7694a8ced75ae431ddd78eb02ba67997f81c791a32
                                                                                                • Opcode Fuzzy Hash: bba26b41902082e2f259a17647018b8fff7ee01a2575e85935a03df63bd35aee
                                                                                                • Instruction Fuzzy Hash: 1AE039312C4280AAEB215B78AC49BEC7B61FB13336F24C25AF6BA581E1D77146409B11
                                                                                                APIs
                                                                                                • GetCurrentThread.KERNEL32 ref: 00BE1634
                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,00BE11D9), ref: 00BE163B
                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00BE11D9), ref: 00BE1648
                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,00BE11D9), ref: 00BE164F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentOpenProcessThreadToken
                                                                                                • String ID:
                                                                                                • API String ID: 3974789173-0
                                                                                                • Opcode ID: 68d91466b8057518859e796953483821aff0af7d2466e6b995fd3addd7d5e9dd
                                                                                                • Instruction ID: b741b56692405c55f1423bef08c22ba44047ed3a2f8a6272f90285fd473e3929
                                                                                                • Opcode Fuzzy Hash: 68d91466b8057518859e796953483821aff0af7d2466e6b995fd3addd7d5e9dd
                                                                                                • Instruction Fuzzy Hash: 4CE04F31641211DFD7201BA59D4DBCA3BB8FF46791F14CC48F245C9090D73445418750
                                                                                                APIs
                                                                                                • GetDesktopWindow.USER32 ref: 00BDD858
                                                                                                • GetDC.USER32(00000000), ref: 00BDD862
                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00BDD882
                                                                                                • ReleaseDC.USER32(?), ref: 00BDD8A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2889604237-0
                                                                                                • Opcode ID: 010e8bff812fb2aee14f121d75b89a6c495d969788f8920e331e504bfcc5eced
                                                                                                • Instruction ID: 2e98fd68761ed00c9f5ffde3cc87e690ce47d98773a27b7145671e6ca09f8571
                                                                                                • Opcode Fuzzy Hash: 010e8bff812fb2aee14f121d75b89a6c495d969788f8920e331e504bfcc5eced
                                                                                                • Instruction Fuzzy Hash: 81E01AB4840204EFCF41AFA0D8887ADBBF1FB09310F10D059F85AE7250C7384901AF50
                                                                                                APIs
                                                                                                • GetDesktopWindow.USER32 ref: 00BDD86C
                                                                                                • GetDC.USER32(00000000), ref: 00BDD876
                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00BDD882
                                                                                                • ReleaseDC.USER32(?), ref: 00BDD8A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2889604237-0
                                                                                                • Opcode ID: 33a384c7727014620e3e823168dc23f562864575aa7c3352148025beca75dd9d
                                                                                                • Instruction ID: ed971406979b40b8d25efcf6310ea3d74b53e6d28147ee1118d718482d3a37c4
                                                                                                • Opcode Fuzzy Hash: 33a384c7727014620e3e823168dc23f562864575aa7c3352148025beca75dd9d
                                                                                                • Instruction Fuzzy Hash: 40E092B5C40204EFCF51AFA1D8887ADBBF5BB09311B14D459F95AE7260CB385A05AF50
                                                                                                APIs
                                                                                                  • Part of subcall function 00B87620: _wcslen.LIBCMT ref: 00B87625
                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00BF4ED4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Connection_wcslen
                                                                                                • String ID: *$LPT
                                                                                                • API String ID: 1725874428-3443410124
                                                                                                • Opcode ID: f715a5f06cfe8d5920e69f528774e317f10836af0702bd4ee65563bb599bf434
                                                                                                • Instruction ID: 672352ef2ee9ed8dbef91e48f615e11771f9b483254c0aa3ca9891a5de683f25
                                                                                                • Opcode Fuzzy Hash: f715a5f06cfe8d5920e69f528774e317f10836af0702bd4ee65563bb599bf434
                                                                                                • Instruction Fuzzy Hash: AA913B75A002089FCB14DF58C494EAABBF1FF45318F1880D9E94A9B762D731ED89CB91
                                                                                                APIs
                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 00BAE30D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorHandling__start
                                                                                                • String ID: pow
                                                                                                • API String ID: 3213639722-2276729525
                                                                                                • Opcode ID: 9c53be2307f870cee785badc55dca25c139d29de13bd9efe20bd6be9289693e6
                                                                                                • Instruction ID: c2176dca6e047d45f259b926f968e037dfa74f91f3d1ff95d2446181c8ec7776
                                                                                                • Opcode Fuzzy Hash: 9c53be2307f870cee785badc55dca25c139d29de13bd9efe20bd6be9289693e6
                                                                                                • Instruction Fuzzy Hash: 95515DA1A5C20297CB167714C9417FD3BE8DF81780F3449E8E0A5472E9EF74CC959A46
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: #
                                                                                                • API String ID: 0-1885708031
                                                                                                • Opcode ID: cb507d0c27411b89d7b89a0e9001b897f709f5fa7f3abc50698b1d25837cfa01
                                                                                                • Instruction ID: 8aef599035ef7bae3bd9d378c9a6c408daab886952eefd599a375550572b9115
                                                                                                • Opcode Fuzzy Hash: cb507d0c27411b89d7b89a0e9001b897f709f5fa7f3abc50698b1d25837cfa01
                                                                                                • Instruction Fuzzy Hash: F651B075904246DFDF19EF68C4816BABBE4EF55310F2440A6E8A19F291EA34DD42CBA0
                                                                                                APIs
                                                                                                • Sleep.KERNEL32(00000000), ref: 00B9F2A2
                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00B9F2BB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                • String ID: @
                                                                                                • API String ID: 2783356886-2766056989
                                                                                                • Opcode ID: 946ede96246fc328095e3ea702b1c22020172f7ca23165a638d52befed9b35ae
                                                                                                • Instruction ID: 939c35e4b003e359ef4a33fe037906a2542591d7a5b234ab320fbfbd55c8a5b4
                                                                                                • Opcode Fuzzy Hash: 946ede96246fc328095e3ea702b1c22020172f7ca23165a638d52befed9b35ae
                                                                                                • Instruction Fuzzy Hash: 8B5138714187449BE320AF10EC86BAFBBF8FF84304F91889DF1D9511A5EB708529CB66
                                                                                                APIs
                                                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00C057E0
                                                                                                • _wcslen.LIBCMT ref: 00C057EC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: BuffCharUpper_wcslen
                                                                                                • String ID: CALLARGARRAY
                                                                                                • API String ID: 157775604-1150593374
                                                                                                • Opcode ID: 12c49d93d14b998a2e628b674fe6445976657c6021ca39f65d73d0ab5544afcb
                                                                                                • Instruction ID: a2705f61923b87526b67df2f647e80b314d9bfd8cb948b1c427868d4448dccc2
                                                                                                • Opcode Fuzzy Hash: 12c49d93d14b998a2e628b674fe6445976657c6021ca39f65d73d0ab5544afcb
                                                                                                • Instruction Fuzzy Hash: 99419E71A401099FCF04EFA9C8819BEBBF5FF59310F1081A9E915A7291E7309E81CF90
                                                                                                APIs
                                                                                                • _wcslen.LIBCMT ref: 00BFD130
                                                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00BFD13A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CrackInternet_wcslen
                                                                                                • String ID: |
                                                                                                • API String ID: 596671847-2343686810
                                                                                                • Opcode ID: 60e3f7fd84b42410dde3ba53ff0e588656b9ad858bdd99afbab5c96258e32d5a
                                                                                                • Instruction ID: 6039d00de6f7e78655e0724ab65012aed4656e1868a84284123f772446fcfabd
                                                                                                • Opcode Fuzzy Hash: 60e3f7fd84b42410dde3ba53ff0e588656b9ad858bdd99afbab5c96258e32d5a
                                                                                                • Instruction Fuzzy Hash: AF311971D00209ABCF15EFA4CC85AEEBFFAFF05300F000099F915A6162E731AA16DB60
                                                                                                APIs
                                                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00C13621
                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00C1365C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$DestroyMove
                                                                                                • String ID: static
                                                                                                • API String ID: 2139405536-2160076837
                                                                                                • Opcode ID: e362586daf0a5dd6a10e4f963f1bbdf4bbfb1fea5e950c75451d4b727781a9b4
                                                                                                • Instruction ID: 6f4cfcc2216014c30bd023b91e0a3783e4631a1c7bfa84bac82c6ec3923ad293
                                                                                                • Opcode Fuzzy Hash: e362586daf0a5dd6a10e4f963f1bbdf4bbfb1fea5e950c75451d4b727781a9b4
                                                                                                • Instruction Fuzzy Hash: A0319E71110244AEDB10DF28DC80FFB73A9FF89764F108619F9A597290DA30AE91E764
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                  • Part of subcall function 00B99944: GetWindowLongW.USER32(?,000000EB), ref: 00B99952
                                                                                                • GetParent.USER32(?), ref: 00BD73A3
                                                                                                • DefDlgProcW.USER32(?,00000133,?,?,?,?), ref: 00BD742D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow$ParentProc
                                                                                                • String ID: Hf
                                                                                                • API String ID: 2181805148-3302991505
                                                                                                • Opcode ID: 42b5df62f0da816b11da2593c19738f3dab564e78dd957a4e0f09cfa22ea7dc2
                                                                                                • Instruction ID: 66b9420cf526e3d7b0302028b7b63eb87b47ba275b1675a61f557a5442841d9b
                                                                                                • Opcode Fuzzy Hash: 42b5df62f0da816b11da2593c19738f3dab564e78dd957a4e0f09cfa22ea7dc2
                                                                                                • Instruction Fuzzy Hash: 5821A074641104AFCF259F2CC889AE93BE5EF0A3B0F0842EAF9254B3A1E7319D51DA40
                                                                                                APIs
                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00C1327C
                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C13287
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: Combobox
                                                                                                • API String ID: 3850602802-2096851135
                                                                                                • Opcode ID: 8812e5f82abcbf5af6d478d534fedef6213bd9ac11f17ea8d9c2e5ff175f1d2b
                                                                                                • Instruction ID: e074fc68c7efc9294e692b469dea0cea47706070e8599385e6157defefd776b7
                                                                                                • Opcode Fuzzy Hash: 8812e5f82abcbf5af6d478d534fedef6213bd9ac11f17ea8d9c2e5ff175f1d2b
                                                                                                • Instruction Fuzzy Hash: BF11B6713002487FEF25AE54DC84FFB376AEB56368F104124F92497291D6319E91A760
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateMenuPopup
                                                                                                • String ID: Hf
                                                                                                • API String ID: 3826294624-3302991505
                                                                                                • Opcode ID: da4bba806f99eac398ba7bd3ac90b16dad72c3a87f4bbd4632ed47a81c1f0d15
                                                                                                • Instruction ID: d06fd4d96cdcfc44a3ba7d12d05147e7ade0965358fdfa73f4988420bdaca8c5
                                                                                                • Opcode Fuzzy Hash: da4bba806f99eac398ba7bd3ac90b16dad72c3a87f4bbd4632ed47a81c1f0d15
                                                                                                • Instruction Fuzzy Hash: 8B2162746042449FCB20DF18C445BD577E5FB0B368F08806AE86997392D331AE82DF55
                                                                                                APIs
                                                                                                  • Part of subcall function 00B8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B8604C
                                                                                                  • Part of subcall function 00B8600E: GetStockObject.GDI32(00000011), ref: 00B86060
                                                                                                  • Part of subcall function 00B8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B8606A
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00C1377A
                                                                                                • GetSysColor.USER32(00000012), ref: 00C13794
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                • String ID: static
                                                                                                • API String ID: 1983116058-2160076837
                                                                                                • Opcode ID: 8b2015f74d43a3bb8f2de9d7bdaf608b05bf3ab1ffbc65ab3fd473e47e525da3
                                                                                                • Instruction ID: 50b541cdd3fffd0425d40e1ec914d9516ba0509fab7ea5f12828ad15513b201a
                                                                                                • Opcode Fuzzy Hash: 8b2015f74d43a3bb8f2de9d7bdaf608b05bf3ab1ffbc65ab3fd473e47e525da3
                                                                                                • Instruction Fuzzy Hash: 701129B2650209AFDB01DFA8CD45AEE7BB8FB09314F004514F965E2250D735E951EB90
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00C161FC
                                                                                                • SendMessageW.USER32(?,00000194,00000000,00000000), ref: 00C16225
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: Hf
                                                                                                • API String ID: 3850602802-3302991505
                                                                                                • Opcode ID: c1662089a12442fdd46bca05ac20ddd7ba050431931dc811e6c7b9b0f3af8941
                                                                                                • Instruction ID: b42b5a0f34a2a9071cf2b5b63d0cd5e75de18ea781af318882522ea0f40595ad
                                                                                                • Opcode Fuzzy Hash: c1662089a12442fdd46bca05ac20ddd7ba050431931dc811e6c7b9b0f3af8941
                                                                                                • Instruction Fuzzy Hash: 7711BF31140214BEEB148F68CC59FFE3BA4EB0B310F108155FA26AA1E1D3B0DB80EB50
                                                                                                APIs
                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00BFCD7D
                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00BFCDA6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Internet$OpenOption
                                                                                                • String ID: <local>
                                                                                                • API String ID: 942729171-4266983199
                                                                                                • Opcode ID: d703ce4c1b76335277453e41a2fa06f8faa2a14270b3c55568801d606d0715f5
                                                                                                • Instruction ID: 11724e0b5d20ef0011170da451a7a3c52c810746dc3bb2be16376a515faedda4
                                                                                                • Opcode Fuzzy Hash: d703ce4c1b76335277453e41a2fa06f8faa2a14270b3c55568801d606d0715f5
                                                                                                • Instruction Fuzzy Hash: BC11A37924563DBAD7244A668C85FFBBEE8EF127A4F104276B21983090D6709889D6F0
                                                                                                APIs
                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00C134AB
                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00C134BA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                • String ID: edit
                                                                                                • API String ID: 2978978980-2167791130
                                                                                                • Opcode ID: 890b4ad2084136ca96dfb77e4aabc514139911b5280e2af6646be42baad0bb13
                                                                                                • Instruction ID: 5c6564e47447947f8c46e140627493ec972ebbe108db4ce344b1946af5084422
                                                                                                • Opcode Fuzzy Hash: 890b4ad2084136ca96dfb77e4aabc514139911b5280e2af6646be42baad0bb13
                                                                                                • Instruction Fuzzy Hash: DB11BF71100248AFEB228E64DC84BEB3BAAEB16378F504324F971931E0C731DE91AB50
                                                                                                APIs
                                                                                                • SendMessageW.USER32(?,?,?,?), ref: 00C14FCC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID: Hf
                                                                                                • API String ID: 3850602802-3302991505
                                                                                                • Opcode ID: 0cbc0cf2f23d38d556fa46d3c5b0d04111e676acdc0808b74dd78d51b0b08072
                                                                                                • Instruction ID: e8ccb6d91d9d1a081f2a6ce9bacdc1d3db303dddd471bf38c632e1866ef8bff4
                                                                                                • Opcode Fuzzy Hash: 0cbc0cf2f23d38d556fa46d3c5b0d04111e676acdc0808b74dd78d51b0b08072
                                                                                                • Instruction Fuzzy Hash: 0321D37A60011AEFCB15DFA8C9809EE7BB5FB4E350B004194FD16A7320D631EE61EB90
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                • CharUpperBuffW.USER32(?,?,?), ref: 00BE6CB6
                                                                                                • _wcslen.LIBCMT ref: 00BE6CC2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                • String ID: STOP
                                                                                                • API String ID: 1256254125-2411985666
                                                                                                • Opcode ID: 1ad3029424ef13ea5bfef3b364ecfffa12cd9fef47ea40566f7a1b86c13043bb
                                                                                                • Instruction ID: 6eba2074a1f028e9340863bd29f9a5f12167d0189487dcc9a12615e206b55b6e
                                                                                                • Opcode Fuzzy Hash: 1ad3029424ef13ea5bfef3b364ecfffa12cd9fef47ea40566f7a1b86c13043bb
                                                                                                • Instruction Fuzzy Hash: A4010432A1056A8BCB20AFFECC809BF73F5FA7179076005B8E85292291EB31D810C750
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Hf
                                                                                                • API String ID: 0-3302991505
                                                                                                • Opcode ID: 94bd48090221e2a0126b56a6e4331834c78fcec44e3f61ffbafc03b5410be20d
                                                                                                • Instruction ID: e0c6432a40884941748866140f322085c5235e103940e256c2bcaa2a0eed06a8
                                                                                                • Opcode Fuzzy Hash: 94bd48090221e2a0126b56a6e4331834c78fcec44e3f61ffbafc03b5410be20d
                                                                                                • Instruction Fuzzy Hash: C0112E346446049FCB20DF19D894F99B7E6FB59320F14825AF9259B3E0D771ED418F90
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BE3CCA
                                                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00BE1D4C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: e55ec9159e08cfbdc3a3740b0588c8138b5197b4f9e05780d4dfd2a33bfde27c
                                                                                                • Instruction ID: cdbfe5b1ddfc21d3611dcf3cbc8ed7f650837dd2e972952681afedc8f960fb43
                                                                                                • Opcode Fuzzy Hash: e55ec9159e08cfbdc3a3740b0588c8138b5197b4f9e05780d4dfd2a33bfde27c
                                                                                                • Instruction Fuzzy Hash: C001B571601218ABCB04FBA5CC559FE73E8FB46750B2449A9B822673D1EB315908C760
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BE3CCA
                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00BE1C46
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: 75541849a4a7dafb99cfc01c656abd470786795e33c59158409266d0a2fe7959
                                                                                                • Instruction ID: 27f8ee2bf12c599539f898b7e8e9522f36d0d471e30bee9a3e7981b215e068b8
                                                                                                • Opcode Fuzzy Hash: 75541849a4a7dafb99cfc01c656abd470786795e33c59158409266d0a2fe7959
                                                                                                • Instruction Fuzzy Hash: 950184756811446BCF04FB95C955AFF77E8DB11740F3404A9B416B7392EB219A08C7B1
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BE3CCA
                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00BE1CC8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: b5a5be97e55aad6b9962d612cf4f60cbb2ede1b43c19b3f45b79ba1875328e12
                                                                                                • Instruction ID: 5b3f7560ef5f2f54e8d5195be86dfe438b9618970231ff59c731a990986244ab
                                                                                                • Opcode Fuzzy Hash: b5a5be97e55aad6b9962d612cf4f60cbb2ede1b43c19b3f45b79ba1875328e12
                                                                                                • Instruction Fuzzy Hash: E4018F7168125867CF04EBA5CA45AFE73E8EB11780F340495B802B7392EB219E48C771
                                                                                                APIs
                                                                                                  • Part of subcall function 00B89CB3: _wcslen.LIBCMT ref: 00B89CBD
                                                                                                  • Part of subcall function 00BE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BE3CCA
                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00BE1DD3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                • String ID: ComboBox$ListBox
                                                                                                • API String ID: 624084870-1403004172
                                                                                                • Opcode ID: c32f428cdd7e2d4fc21e0cbabe0f94c43d8c09688fce6ae0144f92064e5b4c41
                                                                                                • Instruction ID: 691d6f964b48ce3d988e24461303267cfb4960fb5a6c957886bd2ea4420f1e0b
                                                                                                • Opcode Fuzzy Hash: c32f428cdd7e2d4fc21e0cbabe0f94c43d8c09688fce6ae0144f92064e5b4c41
                                                                                                • Instruction Fuzzy Hash: 41F0A471A5121967DB04F7A9CC96BFE77F8FB02750F180DA5B822632D2EB7199088760
                                                                                                APIs
                                                                                                  • Part of subcall function 00B99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B99BB2
                                                                                                • DefDlgProcW.USER32(?,0000002B,?,?,?,?,?,?,?,00BD769C,?,?,?), ref: 00C19111
                                                                                                  • Part of subcall function 00B99944: GetWindowLongW.USER32(?,000000EB), ref: 00B99952
                                                                                                • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00C190F7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LongWindow$MessageProcSend
                                                                                                • String ID: Hf
                                                                                                • API String ID: 982171247-3302991505
                                                                                                • Opcode ID: 78a803d3e30719e43df8abb8e59f25dd1049189061b7986e743757d8928f58ed
                                                                                                • Instruction ID: 3a04bb5d9ce4bf22599cb96a556d8bf718a7ee5ebcd2fc662c3218143604a99f
                                                                                                • Opcode Fuzzy Hash: 78a803d3e30719e43df8abb8e59f25dd1049189061b7986e743757d8928f58ed
                                                                                                • Instruction Fuzzy Hash: 8801BC34100214BBDB219F24DC99FEA3BB6FB8B365F240168F9611A2E1C7326DD1EB50
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: _wcslen
                                                                                                • String ID: 3, 3, 16, 1
                                                                                                • API String ID: 176396367-3042988571
                                                                                                • Opcode ID: 4f0435055743b342a13f77adffb102f666d17786e36111c82a0b62612a664cc0
                                                                                                • Instruction ID: d698d8ea9ab659697f7db6960c625b89e800ad1942dcea5c5efba207b83ba761
                                                                                                • Opcode Fuzzy Hash: 4f0435055743b342a13f77adffb102f666d17786e36111c82a0b62612a664cc0
                                                                                                • Instruction Fuzzy Hash: 64E06102B0836014D33516B9DCC197F96CDDFC6750710192BF981C22E6EBD4DEA1D7A0
                                                                                                APIs
                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00BE0B23
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message
                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                • API String ID: 2030045667-4017498283
                                                                                                • Opcode ID: 9d940e82805554603c11f82f32f732d164f9b502ff37602f42eca5f01473e40e
                                                                                                • Instruction ID: 6e4a4486ee2572c7eb6210368396612ad96b99e3e8c4f6e545bb2c4007adb2e1
                                                                                                • Opcode Fuzzy Hash: 9d940e82805554603c11f82f32f732d164f9b502ff37602f42eca5f01473e40e
                                                                                                • Instruction Fuzzy Hash: FAE0D83128430827D61436547C43FC97BC49F07F21F1044B6FB58954C38BD1689056E9
                                                                                                APIs
                                                                                                  • Part of subcall function 00B9F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00BA0D71,?,?,?,00B8100A), ref: 00B9F7CE
                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00B8100A), ref: 00BA0D75
                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00B8100A), ref: 00BA0D84
                                                                                                Strings
                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00BA0D7F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                • API String ID: 55579361-631824599
                                                                                                • Opcode ID: af47173c2748c188f7dd34c736391d425159b3e1124ee40b993fd162039c6d4c
                                                                                                • Instruction ID: 269c243369f388d9d225e222bbf02fc3a8138cacc05427bc74fff81c33d7f2f0
                                                                                                • Opcode Fuzzy Hash: af47173c2748c188f7dd34c736391d425159b3e1124ee40b993fd162039c6d4c
                                                                                                • Instruction Fuzzy Hash: 08E065752047018BD760AFB9D44839A7BE0BF02740F0089BDE885C6661D7F4E4848B91
                                                                                                APIs
                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00BF302F
                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00BF3044
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: Temp$FileNamePath
                                                                                                • String ID: aut
                                                                                                • API String ID: 3285503233-3010740371
                                                                                                • Opcode ID: 6bb8a41e39dc4acca78f5c9b3baabbb3d22dbb4af18a25dfa5643690af33fa8e
                                                                                                • Instruction ID: 01d3657b64fc0673f8ce71b58ebb235426b9e035658153723a005ee75737dc40
                                                                                                • Opcode Fuzzy Hash: 6bb8a41e39dc4acca78f5c9b3baabbb3d22dbb4af18a25dfa5643690af33fa8e
                                                                                                • Instruction Fuzzy Hash: 75D05EB254032867DA20A7A4AC4EFCB3A6CEB06750F0002A1B655E2091DAF49984CAD0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: LocalTime
                                                                                                • String ID: %.3d$X64
                                                                                                • API String ID: 481472006-1077770165
                                                                                                • Opcode ID: 5757c40165396027704da4ed68619e036b06021c4da35cce381ad62267e34690
                                                                                                • Instruction ID: 740a904e9a2fed6507e8bd2bfa59c84fb8ed209eb4fc1e18e6d70a2d083ed227
                                                                                                • Opcode Fuzzy Hash: 5757c40165396027704da4ed68619e036b06021c4da35cce381ad62267e34690
                                                                                                • Instruction Fuzzy Hash: 53D012A1848109EACF509BD0CCC59F9F3FCBB18341F5084E3F846D1140F634C5096B61
                                                                                                APIs
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C1236C
                                                                                                • PostMessageW.USER32(00000000), ref: 00C12373
                                                                                                  • Part of subcall function 00BEE97B: Sleep.KERNEL32 ref: 00BEE9F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                • Associated: 00000000.00000002.2068659083.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068722359.0000000000C42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068808825.0000000000C4C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                • Associated: 00000000.00000002.2068824858.0000000000C54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_b80000_file.jbxd
                                                                                                Similarity
                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 529655941-2988720461
                                                                                                APIs
                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C1232C
                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00C1233F
                                                                                                  • Part of subcall function 00BEE97B: Sleep.KERNEL32 ref: 00BEE9F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                • String ID: Shell_TrayWnd
                                                                                                • API String ID: 529655941-2988720461
                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00BBBE93
                                                                                                • GetLastError.KERNEL32 ref: 00BBBEA1
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00BBBEFC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2068673142.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1717984340-0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.3335427634.000001709EA81000.00000020.00000800.00020000.00000000.sdmp, Offset: 000001709EA81000, based on PE: false